Edit tour

Windows Analysis Report
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Overview

General Information

Sample Name:	8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Analysis ID:	624876
MD5:	df1dc1a245d93014003e9ecc4f654602
SHA1:	b2f5da6a917d9535a623de61c603d03f0d225fb4
SHA256:	8fa3b2eb7650ac7ff7dbbeed506e3f17b805d64d6932715f8885508fb6f988c6
Tags:	exeNanoCoreRAT
Infos:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Detected Nanocore Rat

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Yara detected Nanocore RAT

Snort IDS alert for network traffic

Machine Learning detection for sample

.NET source code contains potential unpacker

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses schtasks.exe or at.exe to add and modify task schedules

Uses dynamic DNS services

Uses 32bit PE files

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Drops PE files

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe (PID: 6408 cmdline: "C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe" MD5: DF1DC1A245D93014003E9ECC4F654602)

schtasks.exe (PID: 6448 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 6544 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp21A4.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe (PID: 6536 cmdline: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe 0 MD5: DF1DC1A245D93014003E9ECC4F654602)

dhcpmon.exe (PID: 6776 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0 MD5: DF1DC1A245D93014003E9ECC4F654602)

dhcpmon.exe (PID: 6860 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" MD5: DF1DC1A245D93014003E9ECC4F654602)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "3577d152-ce3c-4012-b95b-9d207c3b", "Group": "Default", "Domain1": "khalil3131.ddns.net", "Domain2": "127.0.0.1", "Port": 1991, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Enable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x23ccb:$a: NanoCore 0x23d24:$a: NanoCore 0x23d61:$a: NanoCore 0x23dda:$a: NanoCore 0x23d2d:$b: ClientPlugin 0x23d6a:$b: ClientPlugin 0x24668:$b: ClientPlugin 0x24675:$b: ClientPlugin 0x1ba3f:$e: KeepAlive 0x241b5:$g: LogClientMessage 0x24135:$i: get_Connected 0x15cfd:$j: #=q 0x15d2d:$j: #=q 0x15d69:$j: #=q 0x15d91:$j: #=q 0x15dc1:$j: #=q 0x15df1:$j: #=q 0x15e21:$j: #=q 0x15e51:$j: #=q 0x15e6d:$j: #=q 0x15e9d:$j: #=q
0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x23ba3:$a: NanoCore 0x23bfc:$a: NanoCore 0x23c39:$a: NanoCore 0x23cb2:$a: NanoCore 0x23c05:$b: ClientPlugin 0x23c42:$b: ClientPlugin 0x24540:$b: ClientPlugin 0x2454d:$b: ClientPlugin 0x1b917:$e: KeepAlive 0x2408d:$g: LogClientMessage 0x2400d:$i: get_Connected 0x15bd5:$j: #=q 0x15c05:$j: #=q 0x15c41:$j: #=q 0x15c69:$j: #=q 0x15c99:$j: #=q 0x15cc9:$j: #=q 0x15cf9:$j: #=q 0x15d29:$j: #=q 0x15d45:$j: #=q 0x15d75:$j: #=q
00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x23ba3:$a: NanoCore 0x23bfc:$a: NanoCore 0x23c39:$a: NanoCore 0x23cb2:$a: NanoCore 0x23c05:$b: ClientPlugin 0x23c42:$b: ClientPlugin 0x24540:$b: ClientPlugin 0x2454d:$b: ClientPlugin 0x1b917:$e: KeepAlive 0x2408d:$g: LogClientMessage 0x2400d:$i: get_Connected 0x15bd5:$j: #=q 0x15c05:$j: #=q 0x15c41:$j: #=q 0x15c69:$j: #=q 0x15c99:$j: #=q 0x15cc9:$j: #=q 0x15cf9:$j: #=q 0x15d29:$j: #=q 0x15d45:$j: #=q 0x15d75:$j: #=q
00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x49a75:$a: NanoCore 0x49ace:$a: NanoCore 0x49b0b:$a: NanoCore 0x49b84:$a: NanoCore 0x5d22f:$a: NanoCore 0x5d244:$a: NanoCore 0x5d279:$a: NanoCore 0x76213:$a: NanoCore 0x76228:$a: NanoCore 0x7625d:$a: NanoCore 0x49ad7:$b: ClientPlugin 0x49b14:$b: ClientPlugin 0x4a412:$b: ClientPlugin 0x4a41f:$b: ClientPlugin 0x5cfeb:$b: ClientPlugin 0x5d006:$b: ClientPlugin 0x5d036:$b: ClientPlugin 0x5d24d:$b: ClientPlugin 0x5d282:$b: ClientPlugin 0x75fcf:$b: ClientPlugin 0x75fea:$b: ClientPlugin
00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x49a75:$a: NanoCore 0x49ace:$a: NanoCore 0x49b0b:$a: NanoCore 0x49b84:$a: NanoCore 0x5d22f:$a: NanoCore 0x5d244:$a: NanoCore 0x5d279:$a: NanoCore 0x76213:$a: NanoCore 0x76228:$a: NanoCore 0x7625d:$a: NanoCore 0x49ad7:$b: ClientPlugin 0x49b14:$b: ClientPlugin 0x4a412:$b: ClientPlugin 0x4a41f:$b: ClientPlugin 0x5cfeb:$b: ClientPlugin 0x5d006:$b: ClientPlugin 0x5d036:$b: ClientPlugin 0x5d24d:$b: ClientPlugin 0x5d282:$b: ClientPlugin 0x75fcf:$b: ClientPlugin 0x75fea:$b: ClientPlugin
00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x49a75:$a: NanoCore 0x49ace:$a: NanoCore 0x49b0b:$a: NanoCore 0x49b84:$a: NanoCore 0x5d22f:$a: NanoCore 0x5d244:$a: NanoCore 0x5d279:$a: NanoCore 0x76213:$a: NanoCore 0x76228:$a: NanoCore 0x7625d:$a: NanoCore 0x49ad7:$b: ClientPlugin 0x49b14:$b: ClientPlugin 0x4a412:$b: ClientPlugin 0x4a41f:$b: ClientPlugin 0x5cfeb:$b: ClientPlugin 0x5d006:$b: ClientPlugin 0x5d036:$b: ClientPlugin 0x5d24d:$b: ClientPlugin 0x5d282:$b: ClientPlugin 0x75fcf:$b: ClientPlugin 0x75fea:$b: ClientPlugin
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x34413:$x1: NanoCore.ClientPluginHost 0x3d54d:$x1: NanoCore.ClientPluginHost 0x63541:$x1: NanoCore.ClientPluginHost 0x7bc77:$x1: NanoCore.ClientPluginHost 0x104efb:$x1: NanoCore.ClientPluginHost 0x3442d:$x2: IClientNetworkHost 0x3d57a:$x2: IClientNetworkHost 0x6355b:$x2: IClientNetworkHost 0x7bcb4:$x2: IClientNetworkHost 0x104f28:$x2: IClientNetworkHost 0x7f7a5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x8a82b:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe7854:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe7bd3:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x3437d:$a: NanoCore 0x343d6:$a: NanoCore 0x34413:$a: NanoCore 0x3448c:$a: NanoCore 0x34d45:$a: NanoCore 0x34d98:$a: NanoCore 0x34dd1:$a: NanoCore 0x34e44:$a: NanoCore 0x3d503:$a: NanoCore 0x3d518:$a: NanoCore 0x3d54d:$a: NanoCore 0x426cf:$a: NanoCore 0x426e2:$a: NanoCore 0x42714:$a: NanoCore 0x634ab:$a: NanoCore 0x63504:$a: NanoCore 0x63541:$a: NanoCore 0x635ba:$a: NanoCore 0x63e5f:$a: NanoCore 0x63eb2:$a: NanoCore 0x63eeb:$a: NanoCore
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x95e4:$x1: NanoCore.ClientPluginHost 0xcb11:$x1: NanoCore.ClientPluginHost 0x27cae:$x1: NanoCore.ClientPluginHost 0x95fe:$x2: IClientNetworkHost 0xcb4e:$x2: IClientNetworkHost 0x27cc8:$x2: IClientNetworkHost 0x1063f:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x1b6c5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x5a0:$a: NanoCore 0x60d:$a: NanoCore 0x680:$a: NanoCore 0x954e:$a: NanoCore 0x95a7:$a: NanoCore 0x95e4:$a: NanoCore 0x965d:$a: NanoCore 0x9de9:$a: NanoCore 0x9e3c:$a: NanoCore 0x9e75:$a: NanoCore 0x9ee8:$a: NanoCore 0xab52:$a: NanoCore 0xab64:$a: NanoCore 0xc7de:$a: NanoCore 0xc7ee:$a: NanoCore 0xc8ad:$a: NanoCore 0xc8bc:$a: NanoCore 0xcabd:$a: NanoCore 0xcad1:$a: NanoCore 0xcb11:$a: NanoCore 0x17d2f:$a: NanoCore
Process Memory Space: dhcpmon.exe PID: 6776	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xdb9:$x1: NanoCore.ClientPluginHost 0x21243:$x1: NanoCore.ClientPluginHost 0x2c901:$x1: NanoCore.ClientPluginHost 0xdf6:$x2: IClientNetworkHost 0x2125d:$x2: IClientNetworkHost 0x2c91b:$x2: IClientNetworkHost 0x48e7:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xf96d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: dhcpmon.exe PID: 6776	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: dhcpmon.exe PID: 6776	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xa86:$a: NanoCore 0xa96:$a: NanoCore 0xb55:$a: NanoCore 0xb64:$a: NanoCore 0xd65:$a: NanoCore 0xd79:$a: NanoCore 0xdb9:$a: NanoCore 0xbfd7:$a: NanoCore 0xbfe9:$a: NanoCore 0xc025:$a: NanoCore 0x181f8:$a: NanoCore 0x18265:$a: NanoCore 0x182d8:$a: NanoCore 0x211ad:$a: NanoCore 0x21206:$a: NanoCore 0x21243:$a: NanoCore 0x212bc:$a: NanoCore 0x21a48:$a: NanoCore 0x21a9b:$a: NanoCore 0x21ad4:$a: NanoCore 0x21b47:$a: NanoCore
Process Memory Space: dhcpmon.exe PID: 6860	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x11d8:$x1: NanoCore.ClientPluginHost 0x208e8:$x1: NanoCore.ClientPluginHost 0x252f9:$x1: NanoCore.ClientPluginHost 0x1215:$x2: IClientNetworkHost 0x20902:$x2: IClientNetworkHost 0x25313:$x2: IClientNetworkHost 0x4d06:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xfd8c:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: dhcpmon.exe PID: 6860	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: dhcpmon.exe PID: 6860	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xea5:$a: NanoCore 0xeb5:$a: NanoCore 0xf74:$a: NanoCore 0xf83:$a: NanoCore 0x1184:$a: NanoCore 0x1198:$a: NanoCore 0x11d8:$a: NanoCore 0xc3f6:$a: NanoCore 0xc408:$a: NanoCore 0xc444:$a: NanoCore 0x17891:$a: NanoCore 0x178fe:$a: NanoCore 0x17971:$a: NanoCore 0x20852:$a: NanoCore 0x208ab:$a: NanoCore 0x208e8:$a: NanoCore 0x20961:$a: NanoCore 0x210ed:$a: NanoCore 0x21140:$a: NanoCore 0x21179:$a: NanoCore 0x211ec:$a: NanoCore
Click to see the 51 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
11.2.dhcpmon.exe.37ceacc.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
11.2.dhcpmon.exe.37ceacc.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
11.2.dhcpmon.exe.37ceacc.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.2.dhcpmon.exe.37ceacc.4.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
9.2.dhcpmon.exe.3483dc4.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
9.2.dhcpmon.exe.3483dc4.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
9.2.dhcpmon.exe.3483dc4.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
11.2.dhcpmon.exe.d0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
11.2.dhcpmon.exe.d0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
11.2.dhcpmon.exe.d0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.2.dhcpmon.exe.d0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
11.2.dhcpmon.exe.d0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x24168:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x24195:$x2: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x24168:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x25243:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x24182:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0x24133:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0x24168:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0x24127:$i2: IClientData 0xb165:$i3: IClientNetwork 0x24149:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0x24158:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0x24182:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0x24195:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0x241a8:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0x241b6:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0x241d2:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin
11.2.dhcpmon.exe.37d30f5.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x24168:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x24195:$x2: IClientNetworkHost
11.2.dhcpmon.exe.37d30f5.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x24168:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x25243:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x24182:$s5: IClientLoggingHost
11.2.dhcpmon.exe.37d30f5.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.2.dhcpmon.exe.37d30f5.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0x24133:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0x24168:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0x24127:$i2: IClientData 0xb165:$i3: IClientNetwork 0x24149:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0x24158:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0x24182:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0x24195:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0x241a8:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0x241b6:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0x241d2:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin
9.2.dhcpmon.exe.44aeacc.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
9.2.dhcpmon.exe.44aeacc.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
9.2.dhcpmon.exe.44aeacc.2.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.2.dhcpmon.exe.44aeacc.2.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2d5c7:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2d5f4:$x2: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2d5c7:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2e6a2:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2d5e1:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0x145ae:$x2: NanoCore.ClientPlugin 0x2d592:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0x145e3:$x3: NanoCore.ClientPluginHost 0x2d5c7:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0x145a2:$i2: IClientData 0x2d586:$i2: IClientData 0xe29:$i3: IClientNetwork 0x145c4:$i3: IClientNetwork 0x2d5a8:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0x145d3:$i5: IClientDataHost 0x2d5b7:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0x145fd:$i6: IClientLoggingHost 0x2d5e1:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2d57d:$a: NanoCore 0x2d592:$a: NanoCore 0x2d5c7:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2d339:$b: ClientPlugin 0x2d354:$b: ClientPlugin
11.2.dhcpmon.exe.37ceacc.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x28791:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x287be:$x2: IClientNetworkHost
11.2.dhcpmon.exe.37ceacc.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x28791:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x2986c:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x287ab:$s5: IClientLoggingHost
11.2.dhcpmon.exe.37ceacc.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.2.dhcpmon.exe.37ceacc.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0x2875c:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0x28791:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0x28750:$i2: IClientData 0xf78e:$i3: IClientNetwork 0x28772:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0x28781:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0x287ab:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0x287be:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0x287d1:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0x287df:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0x287fb:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
11.0.dhcpmon.exe.d0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
11.0.dhcpmon.exe.d0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
11.0.dhcpmon.exe.d0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.0.dhcpmon.exe.d0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
11.0.dhcpmon.exe.d0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
9.2.dhcpmon.exe.db0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
9.2.dhcpmon.exe.db0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
9.2.dhcpmon.exe.db0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.2.dhcpmon.exe.db0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
9.2.dhcpmon.exe.db0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
11.2.dhcpmon.exe.27a3dc4.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
11.2.dhcpmon.exe.27a3dc4.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
11.2.dhcpmon.exe.27a3dc4.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
11.2.dhcpmon.exe.37c9c96.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2d5c7:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2d5f4:$x2: IClientNetworkHost
11.2.dhcpmon.exe.37c9c96.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2d5c7:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2e6a2:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2d5e1:$s5: IClientLoggingHost
11.2.dhcpmon.exe.37c9c96.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
11.2.dhcpmon.exe.37c9c96.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0x145ae:$x2: NanoCore.ClientPlugin 0x2d592:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0x145e3:$x3: NanoCore.ClientPluginHost 0x2d5c7:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0x145a2:$i2: IClientData 0x2d586:$i2: IClientData 0xe29:$i3: IClientNetwork 0x145c4:$i3: IClientNetwork 0x2d5a8:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0x145d3:$i5: IClientDataHost 0x2d5b7:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0x145fd:$i6: IClientLoggingHost 0x2d5e1:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost
11.2.dhcpmon.exe.37c9c96.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2d57d:$a: NanoCore 0x2d592:$a: NanoCore 0x2d5c7:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2d339:$b: ClientPlugin 0x2d354:$b: ClientPlugin
9.2.dhcpmon.exe.44b30f5.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x24168:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x24195:$x2: IClientNetworkHost
9.2.dhcpmon.exe.44b30f5.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x24168:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x25243:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x24182:$s5: IClientLoggingHost
9.2.dhcpmon.exe.44b30f5.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.2.dhcpmon.exe.44b30f5.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0x24133:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0x24168:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0x24127:$i2: IClientData 0xb165:$i3: IClientNetwork 0x24149:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0x24158:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0x24182:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0x24195:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0x241a8:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0x241b6:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0x241d2:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
9.2.dhcpmon.exe.44aeacc.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x28791:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x287be:$x2: IClientNetworkHost
9.2.dhcpmon.exe.44aeacc.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x28791:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x2986c:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x287ab:$s5: IClientLoggingHost
9.2.dhcpmon.exe.44aeacc.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.2.dhcpmon.exe.44aeacc.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0x2875c:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0x28791:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0x28750:$i2: IClientData 0xf78e:$i3: IClientNetwork 0x28772:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0x28781:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0x287ab:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0x287be:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0x287d1:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0x287df:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0x287fb:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
9.2.dhcpmon.exe.44a9c96.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2d5c7:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2d5f4:$x2: IClientNetworkHost
9.2.dhcpmon.exe.44a9c96.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2d5c7:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2e6a2:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2d5e1:$s5: IClientLoggingHost
9.2.dhcpmon.exe.44a9c96.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.2.dhcpmon.exe.44a9c96.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0x145ae:$x2: NanoCore.ClientPlugin 0x2d592:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0x145e3:$x3: NanoCore.ClientPluginHost 0x2d5c7:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0x145a2:$i2: IClientData 0x2d586:$i2: IClientData 0xe29:$i3: IClientNetwork 0x145c4:$i3: IClientNetwork 0x2d5a8:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0x145d3:$i5: IClientDataHost 0x2d5b7:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0x145fd:$i6: IClientLoggingHost 0x2d5e1:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost
9.2.dhcpmon.exe.44a9c96.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2d57d:$a: NanoCore 0x2d592:$a: NanoCore 0x2d5c7:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2d339:$b: ClientPlugin 0x2d354:$b: ClientPlugin
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x28791:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x287be:$x2: IClientNetworkHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x28791:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x2986c:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x287ab:$s5: IClientLoggingHost
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0x2875c:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0x28791:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0x28750:$i2: IClientData 0xf78e:$i3: IClientNetwork 0x28772:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0x28781:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0x287ab:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0x287be:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0x287d1:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0x287df:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0x287fb:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
9.0.dhcpmon.exe.db0000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
9.0.dhcpmon.exe.db0000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
9.0.dhcpmon.exe.db0000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
9.0.dhcpmon.exe.db0000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
9.0.dhcpmon.exe.db0000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
Click to see the 125 entries

Sigma Signatures

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, ProcessId: 6408, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Snort Signatures

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978519912816766 05/12/22-07:58:38.292297
SID:	2816766
Source Port:	49785
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974419912025019 05/12/22-07:57:00.726091
SID:	2025019
Source Port:	49744
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976219912816766 05/12/22-07:57:29.709544
SID:	2816766
Source Port:	49762
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976519912816766 05/12/22-07:57:45.216192
SID:	2816766
Source Port:	49765
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974419912816718 05/12/22-07:57:02.037427
SID:	2816718
Source Port:	49744
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54975419912025019 05/12/22-07:57:14.238146
SID:	2025019
Source Port:	49754
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978219912816766 05/12/22-07:58:25.058984
SID:	2816766
Source Port:	49782
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974519912816766 05/12/22-07:57:09.662455
SID:	2816766
Source Port:	49745
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977019912816718 05/12/22-07:57:58.710592
SID:	2816718
Source Port:	49770
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978319912025019 05/12/22-07:58:29.840228
SID:	2025019
Source Port:	49783
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 91.109.186.5 - Destination IP: 192.168.2.3

Timestamp:	91.109.186.5192.168.2.31991497702810290 05/12/22-07:57:57.386403
SID:	2810290
Source Port:	1991
Destination Port:	49770
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978619912816766 05/12/22-07:58:44.794630
SID:	2816766
Source Port:	49786
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974519912025019 05/12/22-07:57:07.733942
SID:	2025019
Source Port:	49745
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977319912816766 05/12/22-07:58:03.947984
SID:	2816766
Source Port:	49773
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54975419912816766 05/12/22-07:57:16.743146
SID:	2816766
Source Port:	49754
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976419912025019 05/12/22-07:57:35.770968
SID:	2025019
Source Port:	49764
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977019912025019 05/12/22-07:57:57.148651
SID:	2025019
Source Port:	49770
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974419912816766 05/12/22-07:57:02.725769
SID:	2816766
Source Port:	49744
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978019912025019 05/12/22-07:58:16.673778
SID:	2025019
Source Port:	49780
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978319912816766 05/12/22-07:58:31.726985
SID:	2816766
Source Port:	49783
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977419912025019 05/12/22-07:58:08.550021
SID:	2025019
Source Port:	49774
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977019912816766 05/12/22-07:57:58.935372
SID:	2816766
Source Port:	49770
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976219912025019 05/12/22-07:57:27.823235
SID:	2025019
Source Port:	49762
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978919912025019 05/12/22-07:58:49.123054
SID:	2025019
Source Port:	49789
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976419912816766 05/12/22-07:57:38.690881
SID:	2816766
Source Port:	49764
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976519912025019 05/12/22-07:57:43.204061
SID:	2025019
Source Port:	49765
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978519912025019 05/12/22-07:58:36.405902
SID:	2025019
Source Port:	49785
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54977419912816766 05/12/22-07:58:10.389760
SID:	2816766
Source Port:	49774
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974319912816766 05/12/22-07:56:52.560880
SID:	2816766
Source Port:	49743
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978019912816766 05/12/22-07:58:18.415033
SID:	2816766
Source Port:	49780
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54974319912025019 05/12/22-07:56:50.755839
SID:	2025019
Source Port:	49743
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976619912816766 05/12/22-07:57:51.591169
SID:	2816766
Source Port:	49766
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978619912025019 05/12/22-07:58:42.971078
SID:	2025019
Source Port:	49786
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54975619912816766 05/12/22-07:57:23.127316
SID:	2816766
Source Port:	49756
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54975619912025019 05/12/22-07:57:21.352785
SID:	2025019
Source Port:	49756
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54976619912025019 05/12/22-07:57:49.806421
SID:	2025019
Source Port:	49766
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 91.109.186.5

Timestamp:	192.168.2.391.109.186.54978219912025019 05/12/22-07:58:23.335512
SID:	2025019
Source Port:	49782
Destination Port:	1991
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "3577d152-ce3c-4012-b95b-9d207c3b", "Group": "Default", "Domain1": "khalil3131.ddns.net", "Domain2": "127.0.0.1", "Port": 1991, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Enable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}

Multi AV Scanner detection for submitted file

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Virustotal: Detection: 85%	Perma Link
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Metadefender: Detection: 85%	Perma Link
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	ReversingLabs: Detection: 97%

Antivirus / Scanner detection for submitted sample

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Avira: detected

Antivirus detection for URL or domain

Source: khalil3131.ddns.net

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Avira: detection malicious, Label: TR/Dropper.MSIL.Gen7

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Metadefender: Detection: 85%			Perma Link
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	ReversingLabs: Detection: 97%

Yara detected Nanocore RAT

Source: Yara match	File source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

Machine Learning detection for sample

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Joe Sandbox ML: detected

Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	Avira: Label: TR/NanoCore.fadte
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 9.2.dhcpmon.exe.db0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 11.0.dhcpmon.exe.d0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 11.2.dhcpmon.exe.d0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	Avira: Label: TR/NanoCore.fadte
Source: 9.0.dhcpmon.exe.db0000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source:	Binary string: System.pdbe source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indows\System.pdbpdbtem.pdb86 source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\System.pdbic source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\System.pdbve source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbste source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbTE22#D source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49743 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49744 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49744 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49744 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49745 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49745 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49754 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49754 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49756 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49756 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49762 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49762 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49764 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49764 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49765 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49765 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49766 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49766 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49770 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49770 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 91.109.186.5:1991 -> 192.168.2.3:49770
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49770 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49773 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49774 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49774 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49780 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49780 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49782 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49782 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49783 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49783 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49785 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49785 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49786 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49786 -> 91.109.186.5:1991
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49789 -> 91.109.186.5:1991

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: khalil3131.ddns.net
Source: Malware configuration extractor	URLs: 127.0.0.1

Uses dynamic DNS services

Source: unknown

DNS query: name: khalil3131.ddns.net

Source: Joe Sandbox View

ASN Name: IELOIELOMainNetworkFR IELOIELOMainNetworkFR

Source: global traffic

TCP traffic: 192.168.2.3:49743 -> 91.109.186.5:1991

Source: unknown

DNS traffic detected: queries for: khalil3131.ddns.net

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Code function: 0_2_0559327A WSARecv,

0_2_0559327A

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.541156290.00000000014EB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud

Yara detected Nanocore RAT

Source: Yara match	File source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.2.dhcpmon.exe.3483dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.3483dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.27a3dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.27a3dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: Detects NanoCore Author: ditekSHen
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.2.dhcpmon.exe.3483dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.3483dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.3483dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.349140c.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.2b23eec.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.27a3dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.27a3dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.27a3dc4.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5860000.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_00CA524A	0_2_00CA524A
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D89D0	0_2_014D89D0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D3850	0_2_014D3850
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D2FA8	0_2_014D2FA8
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D23A0	0_2_014D23A0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014DB2A0	0_2_014DB2A0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D95D0	0_2_014D95D0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D306F	0_2_014D306F
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_014D9697	0_2_014D9697
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 3_2_0043524A	3_2_0043524A
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 3_2_04C023A0	3_2_04C023A0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 3_2_04C02FA8	3_2_04C02FA8
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 3_2_04C0306F	3_2_04C0306F
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 9_2_00DB524A	9_2_00DB524A
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 9_2_05583850	9_2_05583850
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 9_2_05582FA8	9_2_05582FA8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 9_2_055823A0	9_2_055823A0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 9_2_0558306F	9_2_0558306F
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 11_2_000D524A	11_2_000D524A
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 11_2_048D2FA8	11_2_048D2FA8
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 11_2_048D23A0	11_2_048D23A0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 11_2_048D3850	11_2_048D3850
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 11_2_048D306F	11_2_048D306F

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_05591BB2 NtQuerySystemInformation,		0_2_05591BB2
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_05591B77 NtQuerySystemInformation,		0_2_05591B77

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.541156290.00000000014EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542169344.0000000003481000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545711499.0000000005870000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Static PE information: Section: .rsrc ZLIB complexity 1.00031072443
Source: dhcpmon.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 1.00031072443

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Virustotal: Detection: 85%
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Metadefender: Detection: 85%
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	ReversingLabs: Detection: 97%

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File read: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Jump to behavior

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe "C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe"
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe 0
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp21A4.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp21A4.tmp	Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_05591972 AdjustTokenPrivileges,		0_2_05591972
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_0559193B AdjustTokenPrivileges,		0_2_0559193B

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File created: C:\Users\user\AppData\Local\Temp\tmp187C.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@10/9@18/1

Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{3577d152-ce3c-4012-b95b-9d207c3b03b4}
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_01

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source:	Binary string: System.pdbe source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indows\System.pdbpdbtem.pdb86 source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\System.pdbic source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\System.pdbve source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbste source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbTE22#D source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542142014.0000000003135000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: dhcpmon.exe.0.dr, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: dhcpmon.exe.0.dr, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: dhcpmon.exe.0.dr, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 9.2.dhcpmon.exe.db0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 9.0.dhcpmon.exe.db0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 11.0.dhcpmon.exe.d0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 11.2.dhcpmon.exe.d0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

File opened: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe TID: 6672	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe TID: 6668	Thread sleep time: -800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe TID: 6564	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6844	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6944	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Window / User API: foregroundWindowGot 1086

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Code function: 0_2_0559169A GetSystemInfo,

0_2_0559169A

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.541731157.0000000001566000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp			Jump to behavior
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp21A4.tmp			Jump to behavior

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000003.317924034.00000000015B4000.00000004.00000020.00020000.00000000.sdmp, 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000003.354596817.00000000015B4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Nanocore RAT

Source: Yara match	File source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

Remote Access Functionality

Detected Nanocore Rat

Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542169344.0000000003481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.542169344.0000000003481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: dhcpmon.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: dhcpmon.exe, 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: dhcpmon.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: dhcpmon.exe, 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe.0.dr	String found in binary or memory: NanoCore.ClientPluginHost

Yara detected Nanocore RAT

Source: Yara match	File source: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe, type: SAMPLE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b530f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37d30f5.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b49c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37ceacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.dhcpmon.exe.d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44ec0d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f84629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.dhcpmon.exe.37c9c96.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44b30f5.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44aeacc.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.dhcpmon.exe.44a9c96.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.3b4eacc.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.dhcpmon.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe PID: 6536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6776, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 6860, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_05592DBE bind,		0_2_05592DBE
Source: C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	Code function: 0_2_05592D6C bind,		0_2_05592D6C

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Access Token Manipulation	2 Masquerading	21 Input Capture	11 Security Software Discovery	Remote Services	21 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	12 Process Injection	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Remote Access Software	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	3 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	1 Non-Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	21 Application Layer Protocol	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Hidden Files and Directories	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	86%	Virustotal		Browse
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	86%	Metadefender		Browse
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	98%	ReversingLabs	ByteCode-MSIL.Backdoor.NanoCore
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	100%	Avira	TR/Dropper.MSIL.Gen7
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	100%	Avira	TR/Dropper.MSIL.Gen7
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	86%	Metadefender		Browse
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	98%	ReversingLabs	ByteCode-MSIL.Backdoor.NanoCore

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.44e7ab0.3.unpack	100%	Avira	TR/NanoCore.fadte	Download File
3.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
9.2.dhcpmon.exe.db0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
11.0.dhcpmon.exe.d0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
3.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.430000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
11.2.dhcpmon.exe.d0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
0.0.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.ca0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
0.2.8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.5f80000.6.unpack	100%	Avira	TR/NanoCore.fadte	Download File
9.0.dhcpmon.exe.db0000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
khalil3131.ddns.net	100%	Avira URL Cloud	malware
127.0.0.1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
khalil3131.ddns.net	91.109.186.5	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
khalil3131.ddns.net	true	Avira URL Cloud: malware	unknown
127.0.0.1	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
91.109.186.5	khalil3131.ddns.net	France		29075	IELOIELOMainNetworkFR	true

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	624876
Start date and time: 12/05/202207:55:26	2022-05-12 07:55:26 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@10/9@18/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 457 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.152.110.14, 40.125.122.176, 52.242.101.226, 20.223.24.244
Excluded domains from analysis (whitelisted): fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:56:43	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
07:56:46	Task Scheduler	Run new task: DHCP Monitor path: "C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe" s>$(Arg0)
07:56:49	API Interceptor	889x Sleep call for process: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe modified
07:56:50	Task Scheduler	Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
91.109.186.5	BUWlTSrygE.exe	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
IELOIELOMainNetworkFR	F3400425AA7DF4AE3D6272E7D100D322F7A090928E849.exe	Get hash	malicious	Browse	91.109.184.3
	latam5.ps1	Get hash	malicious	Browse	141.255.147.170
	14z1d0aPh5.exe	Get hash	malicious	Browse	141.255.144.172
	FA22F00125527DDC58BA27B76C1C571430266C2C8AA57.exe	Get hash	malicious	Browse	91.109.188.10
	9BBAF063C0F092D248C755107F8BA10DFF6739A805F95.exe	Get hash	malicious	Browse	141.255.147.207
	5.bat	Get hash	malicious	Browse	141.255.159.38
	BAF1AC69BCB3B38189678551E6C096EF4D3325862CCB5.exe	Get hash	malicious	Browse	141.255.156.56
	66BTiraic3.exe	Get hash	malicious	Browse	91.109.190.9
	Rkl3uyA2hn.exe	Get hash	malicious	Browse	141.255.146.180
	6064B14A4A3EBEB7FDADFCC8B07A100818ADA8F669774.exe	Get hash	malicious	Browse	91.109.188.5
	1754083E0D13347475732A3D6318F7751877965D53776.exe	Get hash	malicious	Browse	91.109.188.5
	hKGl37XE1r.exe	Get hash	malicious	Browse	141.255.147.246
	latam.bat	Get hash	malicious	Browse	141.255.146.167
	wqdGIRPPkF.exe	Get hash	malicious	Browse	91.109.178.5
	2A4B4367023A26210377909B856EEAD04A5FAB06B3117.exe	Get hash	malicious	Browse	141.255.150.248
	b3astmode.arm7	Get hash	malicious	Browse	188.121.243.155
	l3kruJvJQV.exe	Get hash	malicious	Browse	141.255.157.190
	Qce7J68IaX.exe	Get hash	malicious	Browse	141.255.158.159
	NOTEPAD.BAT	Get hash	malicious	Browse	141.255.146.167
	A Lista de nombres y fechas Odebrecht Lista de nombres y fechas.bat	Get hash	malicious	Browse	141.255.145.19

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	207872
Entropy (8bit):	7.449716258096661
Encrypted:	false
SSDEEP:	3072:szEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIXJPAGTwjgaxODOeSQcY/UShKT:sLV6Bta6dtJmakIM5Ir8PxtPY/1KT
MD5:	DF1DC1A245D93014003E9ECC4F654602
SHA1:	B2F5DA6A917D9535A623DE61C603D03F0D225FB4
SHA-256:	8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D6932715F8885508FB6F988C6
SHA-512:	05E6AF5EA0218F3FA03782437373B68A00E95CD9BC9D90FB36E1575D09C964019B7D54CD57246A0B843E2666AC1338197227B613B6FDCF1963F2A364B508A2C7
Malicious:	true
Yara Hits:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Joe Security Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: ditekSHen Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 86%, Browse Antivirus: ReversingLabs, Detection: 98%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................b........... ........@.. ......................................................................8...W.... ..._........................................................................... ............... ..H............text........ ...................... ..`.reloc..............................@..B.rsrc...._... ...`..................@..@................t.......H...........T............................................................0..Q........o5........o6....-.&......3+..+.... ....3......1..... 2.... ....3.... ............0..E.......s7....-(&s8....-&&s9....,$&s:........s;.............+.....+.....+.....0..........~....o<.....0..........~....o=.....0..........~....o>.....0..........~....o?.....0..........~....o@.....0.............-.&(A...&+...0..$.......~B........-.(...+.-.&+..B...+.~B....0.............-.&(A...&+...0..

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.log

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.2874233355119316
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
MD5:	61CCF53571C9ABA6511D696CB0D32E45
SHA1:	A13A42A20EC14942F52DB20FB16A0A520F8183CE
SHA-256:	3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
SHA-512:	90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log

Download File

Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.2874233355119316
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
MD5:	61CCF53571C9ABA6511D696CB0D32E45
SHA1:	A13A42A20EC14942F52DB20FB16A0A520F8183CE
SHA-256:	3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
SHA-512:	90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
Malicious:	true
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..

C:\Users\user\AppData\Local\Temp\tmp187C.tmp

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1335
Entropy (8bit):	5.213341096764609
Encrypted:	false
SSDEEP:	24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0EIy3xtn:cbk4oL600QydbQxIYODOLedq3J3j
MD5:	0A1F07A06540020B73F62710794160BD
SHA1:	9063FD28DD342A6640746A3D797F1D9FE63B291D
SHA-256:	0C48FB31BC2830791F55EED4BDFE7D63D6A25F13992F45B501E0572DD386C875
SHA-512:	7ECDA872E34779ED83D808AB998D803DEC209E8C87D04A858960ECDFD5650B49D213CC1C1A11615AAFF2CBA54AFEE005CE9AADE5DA486CC6BC751433634B103B
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

C:\Users\user\AppData\Local\Temp\tmp21A4.tmp

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1310
Entropy (8bit):	5.109425792877704
Encrypted:	false
SSDEEP:	24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
MD5:	5C2F41CFC6F988C859DA7D727AC2B62A
SHA1:	68999C85FC7E37BAB9216E0099836D40D4545C1C
SHA-256:	98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
SHA-512:	B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	data
Category:	modified
Size (bytes):	232
Entropy (8bit):	7.089541637477408
Encrypted:	false
SSDEEP:	3:XrURGizD7cnRNGbgCFKRNX/pBK0jCV83ne+VdWPiKgmR7kkmefoeLBizbCuVkqYM:X4LDAnybgCFcps0OafmCYDlizZr/i/Oh
MD5:	9E7D0351E4DF94A9B0BADCEB6A9DB963
SHA1:	76C6A69B1C31CEA2014D1FD1E222A3DD1E433005
SHA-256:	AAFC7B40C5FE680A2BB549C3B90AABAAC63163F74FFFC0B00277C6BBFF88B757
SHA-512:	93CCF7E046A3C403ECF8BC4F1A8850BA0180FE18926C98B297C5214EB77BC212C8FBCC58412D0307840CF2715B63BE68BACDA95AA98E82835C5C53F17EF38511
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:9Sl:9s
MD5:	1DE95590512455690E9C4A8ECD7205E4
SHA1:	C328665D12D5A6291B465792573BD8E3BEF209AD
SHA-256:	6F905D8CEA028A5E82059798F92A7CDAD70D47ACE17D101FC9487DCE33466D4D
SHA-512:	59D9372193DE6B0DBA93596D43492E5652CC6AFA1488F0BF0CAA2A1DBE994BC0DB606BD68B7894D828D20D0F8F62957BA3C86731A79767465FA303F23142FBF8
Malicious:	true
Preview:	....'4.H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat

Download File

Process:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.727585120442808
Encrypted:	false
SSDEEP:	3:oNWXp5vdjkTWSnnggh216d4N:oNWXpF3Unggh54
MD5:	591AEF748C8D2CA5AEC3419BDE1BD8FF
SHA1:	660EC4B1ECCF185F68113A52CA4CF7AC79B614B4
SHA-256:	FE23408EB733D1F845D83D6D2972934FEEF1C0097C7FAB221AD4F41E21523293
SHA-512:	96061B47BEC49B1575FDF414F332D0CBDD6CB3B089E56F1968B03F69839D25CA22CE4EFC96CC7AB42D9B4CCF7F13ACC7ECA38F828D92C7CF806A598684B886FB
Malicious:	false
Preview:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.449716258096661
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
File size:	207872
MD5:	df1dc1a245d93014003e9ecc4f654602
SHA1:	b2f5da6a917d9535a623de61c603d03f0d225fb4
SHA256:	8fa3b2eb7650ac7ff7dbbeed506e3f17b805d64d6932715f8885508fb6f988c6
SHA512:	05e6af5ea0218f3fa03782437373b68a00e95cd9bc9d90fb36e1575d09c964019b7d54cd57246a0b843e2666ac1338197227b613b6fdcf1963f2a364b508a2c7
SSDEEP:	3072:szEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIXJPAGTwjgaxODOeSQcY/UShKT:sLV6Bta6dtJmakIM5Ir8PxtPY/1KT
TLSH:	4C14CF563BE98A3ED2DF85B8611202578378C2E7D9D3F3DA18D851B78B627E40A070D7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................b........... ........@.. .....................................................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x41e792
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1e738	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x22000	0x15fc8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x20000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1c798	0x1c800	False	0.594503837719	data	6.59804476018	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.reloc	0x20000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x22000	0x15fc8	0x16000	False	1.00031072443	data	7.99780343549	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_RCDATA	0x22058	0x15f70	TIM image, Pixel at (10392,19457) Size=2043x65115

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.391.109.186.54978519912816766 05/12/22-07:58:38.292297	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49785	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974419912025019 05/12/22-07:57:00.726091	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49744	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976219912816766 05/12/22-07:57:29.709544	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49762	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976519912816766 05/12/22-07:57:45.216192	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49765	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974419912816718 05/12/22-07:57:02.037427	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49744	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54975419912025019 05/12/22-07:57:14.238146	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49754	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978219912816766 05/12/22-07:58:25.058984	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49782	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974519912816766 05/12/22-07:57:09.662455	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49745	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977019912816718 05/12/22-07:57:58.710592	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49770	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978319912025019 05/12/22-07:58:29.840228	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49783	1991	192.168.2.3	91.109.186.5
91.109.186.5192.168.2.31991497702810290 05/12/22-07:57:57.386403	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	1991	49770	91.109.186.5	192.168.2.3
192.168.2.391.109.186.54978619912816766 05/12/22-07:58:44.794630	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49786	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974519912025019 05/12/22-07:57:07.733942	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49745	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977319912816766 05/12/22-07:58:03.947984	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49773	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54975419912816766 05/12/22-07:57:16.743146	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49754	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976419912025019 05/12/22-07:57:35.770968	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49764	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977019912025019 05/12/22-07:57:57.148651	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49770	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974419912816766 05/12/22-07:57:02.725769	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49744	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978019912025019 05/12/22-07:58:16.673778	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49780	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978319912816766 05/12/22-07:58:31.726985	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49783	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977419912025019 05/12/22-07:58:08.550021	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49774	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977019912816766 05/12/22-07:57:58.935372	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49770	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976219912025019 05/12/22-07:57:27.823235	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49762	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978919912025019 05/12/22-07:58:49.123054	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49789	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976419912816766 05/12/22-07:57:38.690881	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49764	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976519912025019 05/12/22-07:57:43.204061	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49765	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978519912025019 05/12/22-07:58:36.405902	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49785	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54977419912816766 05/12/22-07:58:10.389760	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49774	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974319912816766 05/12/22-07:56:52.560880	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49743	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978019912816766 05/12/22-07:58:18.415033	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49780	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54974319912025019 05/12/22-07:56:50.755839	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49743	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976619912816766 05/12/22-07:57:51.591169	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49766	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978619912025019 05/12/22-07:58:42.971078	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49786	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54975619912816766 05/12/22-07:57:23.127316	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49756	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54975619912025019 05/12/22-07:57:21.352785	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49756	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54976619912025019 05/12/22-07:57:49.806421	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49766	1991	192.168.2.3	91.109.186.5
192.168.2.391.109.186.54978219912025019 05/12/22-07:58:23.335512	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49782	1991	192.168.2.3	91.109.186.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2022 07:56:50.539573908 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:50.668284893 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:50.668468952 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:50.755839109 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.017306089 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.017383099 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.303261995 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.303349972 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.509748936 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.586275101 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.586765051 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.637226105 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.644325972 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.757510900 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:51.918226957 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:51.920588970 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.247191906 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.247437954 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.292334080 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.292467117 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.307349920 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.307497978 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.321219921 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.321297884 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.336314917 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.336502075 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.350361109 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.350434065 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.365328074 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.365421057 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.379390955 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.379463911 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.394315004 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.394382000 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.408458948 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.408603907 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.423321009 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.423480988 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.560709953 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.560879946 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.574340105 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.574445009 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.589399099 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.589541912 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.603425026 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.603625059 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.618385077 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.618510008 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.632329941 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.632508039 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.639597893 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.647301912 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.647418022 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.661343098 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.661408901 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.676328897 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.676493883 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.690356970 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.690505028 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.705364943 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.705516100 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.719393015 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.719518900 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.734338045 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.734464884 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.748327971 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.748451948 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.763458967 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.763600111 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.777298927 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.777380943 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.794317007 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.794421911 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.808258057 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.808419943 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.823251963 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.823363066 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.837270021 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.837399006 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.855340958 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.855494022 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.870321989 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.870464087 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.884305000 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.884403944 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.899338007 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.899445057 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.913316965 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.913398027 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.928405046 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.928531885 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.942298889 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.942693949 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.957298994 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.957470894 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.971311092 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.971438885 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:52.986308098 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:52.986397028 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:53.000297070 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:53.000391006 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:56:53.015319109 CEST	1991	49743	91.109.186.5	192.168.2.3
May 12, 2022 07:56:53.015376091 CEST	49743	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:00.594336987 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:00.725239992 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:00.725336075 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:00.726090908 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:00.896199942 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:00.896255970 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:00.956340075 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:00.956567049 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.076297998 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.076528072 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.209342957 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.211674929 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.396497011 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.397720098 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.577425003 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.577510118 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.746226072 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.747210979 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.789311886 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.789664984 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.804265022 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.804378986 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.818779945 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.820221901 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.833224058 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.833292007 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.847194910 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.849626064 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.862268925 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.863899946 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.876297951 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.876363993 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.891271114 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.891346931 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.905247927 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.905339003 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.920228958 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.920311928 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.935271978 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.937743902 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.950278997 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.950366020 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.964363098 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.965744019 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.979245901 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.979310036 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:01.993261099 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:01.993336916 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.008265972 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.008368969 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.022274971 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.022600889 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.037321091 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.037426949 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.052340984 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.053704977 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.067253113 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.069699049 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.082319021 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.082442999 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.097340107 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.097754002 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.111298084 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.111356974 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.127286911 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.127348900 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.140204906 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.140322924 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.155224085 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.157727957 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.169176102 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.169253111 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.184283018 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.186355114 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.204301119 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.204725981 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.218271971 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.218390942 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.234231949 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.234359026 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.250294924 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.250355959 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.263221979 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.264426947 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.278284073 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.278937101 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.292284966 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.293031931 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.307320118 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.309706926 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.322433949 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.323429108 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.337440014 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.339099884 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.412302971 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.417232037 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.417252064 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.425616026 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.429758072 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.440258026 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.440692902 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.455218077 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.455722094 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.456721067 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.470688105 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.470788956 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.528357983 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.532746077 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.544297934 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.545769930 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.558326006 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.559609890 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.573288918 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.575849056 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.588218927 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.593770981 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.596685886 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.603269100 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.605767012 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.617372990 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.617777109 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.632246971 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.632781982 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.646239996 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.647811890 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.661297083 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.665766001 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.675257921 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.677803993 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.690311909 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.692821980 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.704271078 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.704819918 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.719268084 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.719841003 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.725769043 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.734230995 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.737787962 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.748198986 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.748270035 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.764234066 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.764364958 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.778476000 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.779166937 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.779248953 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.793277979 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.793340921 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.809339046 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.809397936 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.831278086 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.831366062 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.838079929 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.838208914 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.849282980 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.851820946 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.859323025 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.859385014 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.866214037 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.869812012 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.880327940 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.881792068 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.884161949 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.884340048 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.895426035 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.896821022 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.910346985 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.911883116 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.924323082 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.928268909 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.928427935 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.929723024 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.943296909 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.944852114 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.957329035 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.959902048 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.973282099 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.977801085 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:02.987371922 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:02.988567114 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.002355099 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.004829884 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.016338110 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.016820908 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.031339884 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.031852961 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.045423985 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.049827099 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.061305046 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.061825037 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.076359987 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.081850052 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.090322971 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.090404987 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.105365038 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.105460882 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.119287968 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.119452953 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.135271072 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.135462999 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:03.146157980 CEST	1991	49744	91.109.186.5	192.168.2.3
May 12, 2022 07:57:03.146348000 CEST	49744	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:07.605781078 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:07.733237982 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:07.733458996 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:07.733942032 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:07.916178942 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:07.916304111 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.008150101 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.008418083 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.098261118 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.098412037 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.176146984 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.229221106 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.229444027 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.407335043 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.407500029 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.586149931 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.586267948 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.766159058 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.766252041 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.941267014 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.941462994 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.984308958 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.984436989 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:08.999315977 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:08.999500036 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.014319897 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.014507055 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.028142929 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.028316021 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.042349100 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.042557955 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.058295965 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.058506012 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.071249008 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.071446896 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.086287975 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.086458921 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.100238085 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.100317001 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.116017103 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.116170883 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.132566929 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.132771969 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.146323919 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.146401882 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.161237955 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.161425114 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.178150892 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.178306103 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.190151930 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.190305948 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.204390049 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.204550028 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.219293118 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.219383001 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.234608889 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.234750032 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.254028082 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.254210949 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.267453909 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.267631054 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.282318115 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.282466888 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.297849894 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.297966003 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.311192036 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.311292887 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.325182915 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.325342894 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.340195894 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.340332985 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.354132891 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.354319096 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.369118929 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.369296074 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.384259939 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.384418011 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.398219109 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.398401022 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.412267923 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.412448883 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.426276922 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.426456928 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.441318035 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.441565990 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.455274105 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.455426931 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.471267939 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.471360922 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.485272884 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.485382080 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.499183893 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.499309063 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.514158010 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.514347076 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.528321981 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.528443098 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.542335033 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.542443037 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.571248055 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.571340084 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.584233999 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.584351063 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.599226952 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.599380016 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.613250017 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.613367081 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.662285089 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.662412882 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.662455082 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.679771900 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.679867983 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.683837891 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.711172104 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.711282969 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.725164890 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.725253105 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.739274025 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.739356995 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.755232096 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.755373955 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.772192955 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.772285938 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.786401033 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.786541939 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.801168919 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.801290989 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.815186024 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.815301895 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.830137968 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.830255032 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.844225883 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.844338894 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.859217882 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.859333038 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.873277903 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.873414040 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.888254881 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.888355017 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.902249098 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.902343988 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.917171001 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.917285919 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.931297064 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.931444883 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.947179079 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.947302103 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.960341930 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.960441113 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.977233887 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.977341890 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:09.991206884 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:09.991297007 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.006259918 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.006372929 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.020163059 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.020270109 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.035212040 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.035290003 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.050242901 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.050390959 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.066262007 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.066345930 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.068140984 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.068273067 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:10.078233004 CEST	1991	49745	91.109.186.5	192.168.2.3
May 12, 2022 07:57:10.078326941 CEST	49745	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.108145952 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.236170053 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.237462044 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.238146067 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.427242994 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.427339077 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.490150928 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.490278006 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.606225967 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.608227015 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.740195990 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.767452955 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:14.946194887 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:14.946326017 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.127113104 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.127208948 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.307936907 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.308093071 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.341372013 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.341526031 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.356163025 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.356239080 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.371165991 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.371314049 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.386193991 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.386346102 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.400166988 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.400300980 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.414153099 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.414283037 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.428196907 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.428352118 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.443181038 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.443249941 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.457329035 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.457457066 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.472229004 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.472403049 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.495183945 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.496381998 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.509221077 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.509310961 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.523103952 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.523164988 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.538168907 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.538268089 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.552186966 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.552365065 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.566184044 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.566370964 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.589226961 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.589343071 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.602302074 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.602368116 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.617203951 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.617294073 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.631213903 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.631342888 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.646195889 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.646270990 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.661180973 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.661278963 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.676225901 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.676286936 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.689249039 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.689368010 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.705188036 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.705343962 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.720273972 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.720429897 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.733185053 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.733341932 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.749207020 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.749274015 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.762300968 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.762412071 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.777277946 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.777446032 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.792212963 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.792407990 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.807126999 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.807209969 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.820223093 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.820292950 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.835289955 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.835362911 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.850280046 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.850440979 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.864321947 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.864463091 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.879235983 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.879614115 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.894252062 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.894346952 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.908231020 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.908374071 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.923335075 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.923496008 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.937293053 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.937450886 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.970259905 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.970330000 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.970401049 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:15.997200012 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:15.997267008 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.011265039 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.011405945 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.079293966 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.079480886 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.082490921 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.092211008 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.092374086 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.122250080 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.122494936 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.136167049 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.136338949 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.163402081 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.163960934 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.179251909 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.179451942 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.182437897 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.192380905 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.192589998 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.208225965 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.208420038 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.222210884 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.222385883 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.236279011 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.236432076 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.253283024 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.253448009 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.267302990 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.267551899 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.281436920 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.281682014 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.296222925 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.296406984 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.311388016 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.311574936 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.325258970 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.325438023 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.340715885 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.340939999 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.354358912 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.354546070 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.369221926 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.369386911 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.384243965 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.384403944 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.397222996 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.397377968 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.412352085 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.412537098 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.426265001 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.426431894 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.442328930 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.442492008 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.469279051 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.469475031 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.476418972 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.476654053 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.486383915 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.486618996 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.496360064 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.496567011 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.500158072 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.500317097 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.514245987 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.514413118 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.528188944 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.528259039 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.543185949 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.543324947 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.558252096 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.558451891 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.563127041 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.563278913 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.574187994 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.574382067 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.588207960 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.588373899 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.594125032 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.594310999 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.610153913 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.610323906 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.624140978 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.624294043 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.639235973 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.639358997 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.652228117 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.652462006 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.670241117 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.670511007 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.679263115 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.679456949 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.685180902 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.685353041 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.699264050 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.699449062 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.714162111 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.714318991 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.724179029 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.724334955 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.730137110 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.730285883 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.743145943 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.745157957 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.745280027 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.753190994 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.753372908 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.781224012 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.781388044 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.796194077 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.796286106 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.811187983 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.811291933 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.824153900 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.824235916 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.840142012 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.840205908 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.855148077 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.855214119 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.862721920 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.870137930 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.870192051 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.883156061 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.883213043 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.898184061 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.898318052 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.913217068 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.913402081 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.928175926 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.928412914 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.941344023 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.941415071 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.964312077 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.964396954 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.979231119 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.979441881 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:16.993325949 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:16.993587017 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:17.008281946 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:17.008502960 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:17.022291899 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:17.022571087 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:17.037220001 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:17.037300110 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:17.051251888 CEST	1991	49754	91.109.186.5	192.168.2.3
May 12, 2022 07:57:17.051439047 CEST	49754	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.224463940 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.351105928 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:21.351504087 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.352785110 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.538142920 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:21.538451910 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.608218908 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:21.608382940 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.715161085 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:21.715776920 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:21.847093105 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:21.847209930 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.027113914 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.027215004 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.207061052 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.207169056 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.388086081 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.388171911 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.422199965 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.422271013 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.436606884 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.436686993 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.452506065 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.452598095 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.467618942 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.467716932 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.480211973 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.480283976 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.494174957 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.494288921 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.510839939 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.510937929 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.523984909 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.524070024 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.539057970 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.539194107 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.553488970 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.553668022 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.571228027 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.571315050 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.586447001 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.586608887 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.600162983 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.600266933 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.615195036 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.615317106 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.629199982 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.629295111 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.644288063 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.644391060 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.658206940 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.658277988 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.672192097 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.672370911 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.686187029 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.686304092 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.701185942 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.701328039 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.716269970 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.716381073 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.730247021 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.730329037 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.745239973 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.745414019 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.759208918 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.759288073 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.773215055 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.773372889 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.788286924 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.788511992 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.803222895 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.803329945 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.817198038 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.817274094 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.834248066 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.834316969 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.848165035 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.848232031 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.865235090 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.865379095 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.880227089 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.880323887 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.896197081 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.896378040 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.911221027 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.911329031 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.924335957 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.924407959 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.940151930 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.940223932 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.954210997 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.954298973 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.969188929 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.969315052 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:22.983181953 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:22.983279943 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.098349094 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.098520994 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.098602057 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.112155914 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.112329006 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.127221107 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.127285004 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.127315998 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.142131090 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.142205000 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.184264898 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.185781956 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.188767910 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.202198029 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.202318907 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.218127966 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.218413115 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.231283903 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.231369019 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.247184038 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.247271061 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.261135101 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.261599064 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.276207924 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.276272058 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.291821957 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.291930914 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.307699919 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.309222937 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.321531057 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.323765993 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.337199926 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.337353945 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.351527929 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.351630926 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.366206884 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.366296053 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.380173922 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.380376101 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.397602081 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.397773981 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.413505077 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.413595915 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.428143978 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.428231001 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.442184925 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.442264080 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.459197044 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.459279060 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.465121031 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.467673063 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.475241899 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.475644112 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.489223003 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.491447926 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.504091024 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.504169941 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.518146038 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.518727064 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:23.532248020 CEST	1991	49756	91.109.186.5	192.168.2.3
May 12, 2022 07:57:23.532589912 CEST	49756	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:27.684144020 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:27.811183929 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:27.811425924 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:27.823235035 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:27.997112036 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:27.998092890 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.067105055 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.067337036 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.177073002 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.177376032 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.310328007 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.311702967 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.482076883 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.482239962 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.658210039 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.658400059 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.837132931 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.837311983 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.886174917 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.886351109 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.901223898 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.903248072 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.915133953 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.915235996 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.930116892 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.930275917 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.944180012 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.944281101 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.959176064 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.959278107 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.973206997 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.974062920 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:28.988204002 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:28.988351107 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.002355099 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.002641916 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.017183065 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.018801928 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.022959948 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.038160086 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.038333893 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.052227974 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.053584099 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.067137957 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.067208052 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.081301928 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.081499100 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.097170115 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.097248077 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.112092972 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.116105080 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.155246973 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.155370951 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.170242071 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.170325041 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.184117079 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.184200048 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.199171066 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.199273109 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.215207100 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.215315104 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.230180025 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.230340958 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.244154930 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.244359016 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.260248899 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.260332108 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.273709059 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.273767948 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.288134098 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.288201094 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.302180052 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.302263975 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.317722082 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.317790985 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.332200050 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.332389116 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.348759890 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.348891020 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.363193989 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.363416910 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.377171040 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.377477884 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.393033981 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.393274069 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.406997919 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.407176971 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.421226978 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.421330929 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.437110901 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.437285900 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.451107025 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.451257944 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.464157104 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.464257956 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.479181051 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.479336977 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.506144047 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.506335020 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.521192074 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.521308899 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.535214901 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.535398960 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.564287901 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.564555883 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.565386057 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.579262018 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.579474926 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.608340025 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.608578920 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.622277021 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.622572899 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.651428938 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.651618004 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.667176008 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.667376041 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.682244062 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.682434082 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.709249020 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.709506989 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.709543943 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.725157022 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.725375891 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.740267038 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.740508080 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.756222010 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.756438017 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.770190001 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.770459890 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.785202026 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.785465956 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.799165010 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.799248934 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.814182043 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.814279079 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.825932980 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.830174923 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.830244064 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.845185041 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.845279932 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.859164953 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.859366894 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.874238014 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.874476910 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.888258934 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.888427019 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.903192043 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.903429031 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.917229891 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.917468071 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.932236910 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.932468891 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.946207047 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.946444988 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.961252928 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.961543083 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.975169897 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.975378990 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.987395048 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.987641096 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.992114067 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.992292881 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:29.999217987 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:29.999454021 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.009268045 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.009464025 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.013088942 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.013268948 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.027214050 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.027456045 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.042095900 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.042268991 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.056232929 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.056447983 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.071223021 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.071403980 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.073045015 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.073194981 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.087126970 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.087312937 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.101135015 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.101336002 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.103007078 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.103161097 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.118266106 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.118407965 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.132141113 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.132313967 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.146173954 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.146337032 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.161216974 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.161375999 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.163042068 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.163140059 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.180268049 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.180455923 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.194200039 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.194389105 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.196053982 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.196161032 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.210205078 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.210329056 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:30.225132942 CEST	1991	49762	91.109.186.5	192.168.2.3
May 12, 2022 07:57:30.225210905 CEST	49762	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:35.145966053 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:35.274143934 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:35.274362087 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:35.770967960 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:35.946074963 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:35.946271896 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.015079021 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.015201092 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.128122091 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.128334045 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.186949015 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.187066078 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.260160923 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.326157093 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.367079020 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.411257982 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.587060928 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.587276936 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.768136024 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.768381119 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:36.946193933 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.979166031 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.994173050 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:36.994378090 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.008217096 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.024210930 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.024399996 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.037118912 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.052171946 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.052340031 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.066138029 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.081135035 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.081329107 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.095166922 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.110183954 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.110421896 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.136162043 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.151122093 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.151324034 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.165131092 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.180140018 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.180299997 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.195164919 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.211221933 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.211438894 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.224277020 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.239236116 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.239454985 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.253196001 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.268263102 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.268544912 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.282304049 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.297269106 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.297436953 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.311218023 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.326258898 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.326659918 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.340161085 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.355181932 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.355387926 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.369105101 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.384176016 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.384356022 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.398099899 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.413186073 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.413422108 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.427181959 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.442204952 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.442488909 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.456196070 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.471127033 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.471256018 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.485165119 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.500183105 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.500348091 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.514199018 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.529202938 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.529411077 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.543183088 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.558223963 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.558409929 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.569219112 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.572263002 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.572417974 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.587201118 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.587272882 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.603296995 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.603471041 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.617208004 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.617403984 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.664048910 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.664294004 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.693234921 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.693435907 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.722116947 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.722270966 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.722798109 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.736221075 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.736305952 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.778220892 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.778322935 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.792181015 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.792417049 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.807272911 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.807527065 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.821221113 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.821423054 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.836194992 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.836285114 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.850202084 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.850328922 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.865184069 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.865267992 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.879120111 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.879192114 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.879297972 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.894105911 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.894238949 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.910181046 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.910273075 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.924257994 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.924452066 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.939205885 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.939327002 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.939816952 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.953121901 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.953207970 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.968132973 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.968216896 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.982167959 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.982280970 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:37.997173071 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:37.997276068 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.011194944 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.011487961 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.026294947 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.026379108 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.029314041 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.040257931 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.040333033 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.056077957 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.056267023 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.070144892 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.070451021 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.095244884 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.095474005 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.107225895 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.107717991 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.107764006 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.112155914 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.112440109 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.131181002 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.131434917 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.146248102 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.146482944 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.160131931 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.160314083 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.176213980 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.176492929 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.187114954 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.187252998 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.202205896 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.202425003 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.204813004 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.206857920 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.207063913 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.222146034 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.222347975 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.232182980 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.232263088 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.238017082 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.238111973 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.252166986 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.252229929 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.262115002 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.262217999 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.268115044 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.268213034 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.283185959 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.283365965 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.297149897 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.297321081 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.312272072 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.312434912 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.327127934 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.327292919 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.341111898 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.341274977 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.352118015 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.352232933 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.357039928 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.357182026 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.368138075 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.368302107 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.372057915 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.376940966 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.383053064 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.383218050 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.400182962 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.400275946 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.401906967 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.547251940 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.547454119 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.547487020 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.687136889 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.687304020 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.690881014 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.727072001 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.811420918 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.837104082 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.837266922 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.852102041 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.852224112 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.866029978 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.866195917 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.881186008 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.881370068 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.895222902 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.895391941 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.910228014 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.910394907 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.924088955 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.924256086 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.939172983 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.939332962 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.953161955 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.953349113 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.968187094 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.968383074 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.982173920 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.982377052 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:38.997200012 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:38.997370005 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:39.011163950 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:39.011324883 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:39.026128054 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:39.026299000 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:39.045074940 CEST	1991	49764	91.109.186.5	192.168.2.3
May 12, 2022 07:57:39.045248985 CEST	49764	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.076544046 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.202945948 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.203052998 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.204061031 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.386095047 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.386324883 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.445135117 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.445290089 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.567053080 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.567145109 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.627016068 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.627110958 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.699048996 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.748569965 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.806991100 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.807101011 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:43.987215996 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:43.987291098 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:44.166104078 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:44.166188002 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:44.346415997 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:44.346502066 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:44.526017904 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:44.529457092 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:44.706934929 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:44.707799911 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:44.887062073 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:44.887151957 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.064466000 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.069530964 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.100086927 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.101110935 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.115005970 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.117144108 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.129010916 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.131535053 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.143996954 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.145498037 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.158004045 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.161501884 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.173054934 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.173199892 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.187027931 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.187171936 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.202020884 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.202112913 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.216018915 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.216192007 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.231084108 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.231200933 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.256025076 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.256120920 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.264813900 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.271125078 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.271210909 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.285098076 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.285257101 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.300035954 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.300235033 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.314043045 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.314201117 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.329133034 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.329307079 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.343064070 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.343120098 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.358254910 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.358375072 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.372231007 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.372472048 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.388144016 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.388314962 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.402059078 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.402250051 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.417073011 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.417242050 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.431071043 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.431296110 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.446080923 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.446322918 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.462097883 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.462322950 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.477006912 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.477190971 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.491039991 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.491153002 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.507083893 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.507281065 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.522099972 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.522285938 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:45.536061049 CEST	1991	49765	91.109.186.5	192.168.2.3
May 12, 2022 07:57:45.536190987 CEST	49765	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:49.670752048 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:49.798986912 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:49.799134016 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:49.806421041 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:49.978082895 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:49.978154898 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.063925982 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.064069033 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.156944990 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.157083035 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.235937119 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.288094997 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.288234949 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.458005905 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.458158970 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.637017965 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.637093067 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.816039085 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.816122055 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:50.991077900 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:50.991270065 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.029114008 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.029192924 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.044085026 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.044197083 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.058044910 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.058295965 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.073103905 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.073163033 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.087080002 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.087157011 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.102108002 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.102299929 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.116096020 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.116210938 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.132030010 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.132102013 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.145045042 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.145134926 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.160072088 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.160240889 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.176094055 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.176213026 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.191051006 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.191159964 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.205044985 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.205221891 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.221136093 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.221858978 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.235079050 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.235290051 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.249099970 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.249205112 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.263066053 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.264025927 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.278052092 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.280049086 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.292092085 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.292248964 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.307090044 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.308084011 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.327114105 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.330051899 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.341070890 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.341146946 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.356086969 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.356245995 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.370009899 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.372049093 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.385021925 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.385130882 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.399046898 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.401246071 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.415098906 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.417104006 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.428102016 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.428268909 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.443115950 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.443583012 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.456971884 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.457068920 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.471992970 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.474041939 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.486027956 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.486277103 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.503076077 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.503184080 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.517163038 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.517395973 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.532052994 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.532131910 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.546056986 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.546231031 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.561038971 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.561235905 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.575052977 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.575171947 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.591105938 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.591169119 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.604074001 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.604192019 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.646056890 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.650104046 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.686017990 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.686116934 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.701056004 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.701134920 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.703260899 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.744091988 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.748370886 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.784173012 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.784353971 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.811997890 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.816741943 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.826071024 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.826244116 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.841032982 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.841104984 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.869007111 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.870134115 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.884047031 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.886076927 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.898047924 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.902098894 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.913043976 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.913754940 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.932208061 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.937016010 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.948172092 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.949920893 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.962270021 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.962380886 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.977096081 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.977653027 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:51.991230965 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:51.991426945 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.006016016 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.010152102 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.020076990 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.020194054 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.035027027 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.035104990 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.048976898 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.049079895 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.065870047 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.068134069 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.080248117 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.083034039 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.116023064 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.119303942 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:52.121985912 CEST	1991	49766	91.109.186.5	192.168.2.3
May 12, 2022 07:57:52.122654915 CEST	49766	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.019690990 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.147917986 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.148037910 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.148650885 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.316524982 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.316587925 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.386403084 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.386523008 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.495945930 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.496033907 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.590214014 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.690968990 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.691060066 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:57.875911951 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:57.875991106 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.057904959 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.058017969 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.246004105 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.246093035 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.277105093 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.277182102 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.292022943 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.292143106 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.306978941 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.307095051 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.320975065 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.321069002 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.336015940 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.336080074 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.350970984 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.351075888 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.364988089 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.365078926 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.380038023 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.380100965 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.393970013 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.394035101 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.408942938 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.409010887 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.606061935 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.606142044 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.621030092 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.621153116 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.622159004 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.635059118 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.635137081 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.651011944 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.651074886 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.664012909 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.664074898 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.678987026 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.679049969 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.692986965 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.693058014 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.707964897 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.708031893 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.710592031 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.724880934 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.724973917 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.737456083 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.737585068 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.751624107 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.751760960 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.765944958 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.766024113 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.780469894 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.780565977 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.795341969 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.795397997 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.811738968 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.811793089 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.830105066 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.830280066 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.840006113 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.840066910 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.864038944 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.864145994 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:58.887969017 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.935128927 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:58.935372114 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.031764984 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.184024096 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:59.184206963 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.198071957 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:59.198267937 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.216056108 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:59.216187954 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.229026079 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:59.229131937 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:57:59.244012117 CEST	1991	49770	91.109.186.5	192.168.2.3
May 12, 2022 07:57:59.244157076 CEST	49770	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:03.802051067 CEST	49773	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:03.930165052 CEST	1991	49773	91.109.186.5	192.168.2.3
May 12, 2022 07:58:03.930326939 CEST	49773	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:03.947983980 CEST	49773	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:04.074842930 CEST	1991	49773	91.109.186.5	192.168.2.3
May 12, 2022 07:58:08.421519995 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.548933029 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:08.549099922 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.550020933 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.718163967 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:08.720174074 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.792748928 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:08.792834997 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.925858974 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:08.926004887 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:08.976876974 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.057959080 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.058126926 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.234853029 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.234936953 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.417850971 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.417942047 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.591859102 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.591928959 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.635987043 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.636167049 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.650962114 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.651037931 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.664840937 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.664906979 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.679975986 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.680108070 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.693909883 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.694025993 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.708915949 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.709012032 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.722929001 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.723004103 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.737925053 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.738008976 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.752012014 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.752096891 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.766928911 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.767015934 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.780982971 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.781095982 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.795005083 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.795088053 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.812074900 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.812143087 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.827019930 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.827195883 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.840966940 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.841145039 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.855937958 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.856029987 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.869957924 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.870043993 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.885701895 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.885838985 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.898071051 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.898171902 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.913980961 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.914119959 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.928037882 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.928119898 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.942935944 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.943018913 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.957957029 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.958086014 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.972948074 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.973058939 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:09.992948055 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:09.993045092 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.007039070 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.007112980 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.021955967 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.022100925 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.035012007 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.035103083 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.049963951 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.050184965 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.064980030 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.065107107 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.079972982 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.080092907 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.093947887 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.094029903 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.108925104 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.108989954 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.123014927 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.123081923 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.138036013 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.138137102 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.151962042 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.152076006 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.166961908 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.167102098 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.180917025 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.180975914 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.195969105 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.196042061 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.222956896 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.223037958 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.237936974 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.238055944 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.238317013 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.252015114 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.252121925 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.269979000 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.271656036 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.286029100 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.286127090 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.327970982 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.328069925 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.343985081 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.344089985 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.359960079 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.360080957 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.374038935 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.375036001 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.389033079 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.389715910 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.389760017 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.402940989 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.403027058 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.417958021 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.418107986 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.431962013 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.432084084 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.438663006 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.447113037 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.449367046 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.460213900 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.460324049 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.476105928 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.478468895 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.489970922 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.490042925 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.505160093 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.505263090 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.518910885 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.521358967 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.533854008 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.534183979 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.549839020 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.550050020 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.565013885 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.565084934 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.585402012 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.585524082 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.598893881 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.601809978 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.614553928 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.614636898 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.631077051 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.631196976 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.645032883 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.645112038 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.650881052 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.653713942 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.660897970 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.662282944 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.679013968 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.679728031 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.693049908 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.693176031 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.706976891 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.707139969 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.708780050 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.708882093 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.722866058 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.723001957 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.737896919 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.738261938 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.751939058 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.752942085 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.765065908 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.767697096 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.768830061 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.768994093 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.782941103 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.783117056 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.796964884 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.797154903 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.811948061 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.812067032 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.825968981 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.826126099 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.827790976 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.831732035 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.844960928 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.845052958 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.859107018 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.859308004 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.872996092 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.873212099 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.888112068 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.888287067 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:10.889931917 CEST	1991	49774	91.109.186.5	192.168.2.3
May 12, 2022 07:58:10.890018940 CEST	49774	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:16.521085978 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:16.647933006 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:16.648159981 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:16.673778057 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:16.846867085 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:16.846967936 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:16.912825108 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:16.912983894 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.017874956 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.018064976 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.148905993 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.149111032 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.317876101 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.318206072 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.496850967 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.497060061 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.677859068 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.677946091 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.851905107 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.854558945 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.894965887 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.895405054 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.910037994 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.911792994 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.924057961 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.926956892 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.939043045 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.939261913 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.952816963 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.954356909 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.967992067 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.968136072 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.981981993 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.982182980 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:17.997035980 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:17.997211933 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.010921955 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.011046886 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.025909901 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.026021004 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.042040110 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.042296886 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.055973053 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.056063890 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.070013046 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.070302010 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.084892035 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.085036039 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.098896980 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.102556944 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.113883972 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.114212036 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.127882004 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.128221035 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.142874956 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.144623995 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.156889915 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.157026052 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.172024965 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.172117949 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.185956001 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.187071085 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.200934887 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.201092005 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.219938040 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.220029116 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.234891891 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.238231897 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.248929977 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.249069929 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.263931036 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.264034033 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.277914047 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.277985096 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.292876005 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.292969942 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.306924105 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.307023048 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.322877884 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.323024035 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.339880943 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.340111017 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.353910923 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.354013920 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.368922949 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.369055986 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.383907080 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.384007931 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.397952080 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.398042917 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.414926052 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.415033102 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.428845882 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.429038048 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.443887949 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.444037914 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.459922075 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.460122108 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.474104881 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.474221945 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.488907099 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.489082098 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.502876043 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.503000021 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.517963886 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.518146992 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.532902956 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.533020020 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.538064003 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.547938108 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.548126936 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.561834097 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.561923981 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.576858997 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.576936960 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.590915918 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.591043949 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.605945110 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.606091022 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.619889975 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.620017052 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.636919975 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.637095928 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.650911093 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.651076078 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.665920019 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.666116953 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.679872990 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.680016994 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.694880962 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.694952965 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.708879948 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.709027052 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.723958969 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.724142075 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.740912914 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.741041899 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.754930019 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.755108118 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.769903898 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.770060062 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.783878088 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.784056902 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.798922062 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.799050093 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.812959909 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.813049078 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.827867031 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.827927113 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.841867924 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.842009068 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.856869936 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.856961012 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.870891094 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.871032953 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.885858059 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.885963917 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.899903059 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.899981976 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:18.914916039 CEST	1991	49780	91.109.186.5	192.168.2.3
May 12, 2022 07:58:18.915092945 CEST	49780	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.166053057 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.292841911 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:23.292979956 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.335511923 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.506843090 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:23.506969929 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.560818911 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:23.561660051 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.686830997 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:23.686898947 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:23.820904970 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:23.822766066 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.006812096 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.006961107 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.186958075 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.187083006 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.223984957 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.224895954 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.237900972 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.238034010 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.252923965 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.256285906 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.266916990 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.267021894 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.281918049 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.282015085 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.295891047 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.296087980 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.310843945 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.312891006 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.324907064 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.325186014 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.339950085 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.340068102 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.360985994 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.363910913 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.408935070 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.409185886 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.422981024 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.423078060 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.438245058 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.438427925 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.451915026 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.451984882 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.466878891 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.466968060 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.480835915 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.480988026 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.495826960 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.495893955 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.509864092 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.510076046 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.524863958 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.526632071 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.538898945 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.538961887 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.553854942 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.553919077 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.568036079 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.571145058 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.582881927 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.583019018 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.596838951 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.597244978 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.611896992 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.612560987 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.625952959 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.627904892 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.640810966 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.643924952 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.654931068 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.655987024 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.669889927 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.671977997 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.683839083 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.686964989 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.698889971 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.704960108 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.712975979 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.715270996 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.732863903 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.734930992 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.747817993 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.748941898 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.761914968 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.764961958 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.779165030 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.780965090 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.790914059 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.791095018 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.808012009 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.810936928 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.819948912 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.824835062 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.837068081 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.837739944 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.852369070 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.852626085 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.856533051 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.865956068 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.868951082 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.879997969 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.880947113 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.912899971 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.916986942 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.930922985 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.932938099 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.944901943 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.948615074 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.969871044 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.969955921 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.984817028 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.984985113 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:24.998990059 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:24.999172926 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.002985954 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.013938904 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.016753912 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.029910088 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.031086922 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.043828011 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.048656940 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.058808088 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.058892965 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.058984041 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.072835922 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.072946072 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.088447094 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.089010000 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.103962898 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.106981993 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.117830038 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.117897034 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.133806944 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.133929014 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.147974014 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.148488045 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.163646936 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.163696051 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.174587011 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.177349091 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.178205013 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.192857027 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.195031881 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.207859993 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.208018064 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.220840931 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.222800016 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.235908985 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.238966942 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.250931978 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.251069069 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.264878035 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.267929077 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.281858921 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.281996965 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.298880100 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.299015045 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.313834906 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.313967943 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.324007034 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.324145079 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.333842039 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.333900928 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.343952894 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.344038010 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.353873014 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.353988886 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.361747980 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.361848116 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.364614964 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.364684105 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.378848076 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.378927946 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.380676985 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.380745888 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.395863056 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.395996094 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.409950972 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.410090923 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.424911976 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.425005913 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.438848972 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.438903093 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.458848953 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.458992004 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.473839998 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.473985910 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.487890005 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.488001108 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:25.502968073 CEST	1991	49782	91.109.186.5	192.168.2.3
May 12, 2022 07:58:25.503127098 CEST	49782	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:29.567656040 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:29.828835011 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:29.828993082 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:29.840228081 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:30.258814096 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:30.258955956 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:30.297749996 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:30.297864914 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:30.665783882 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:30.665891886 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:30.821872950 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:30.821965933 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:30.997852087 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:30.997955084 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.167747974 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.167879105 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.341826916 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.344367981 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.382879019 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.383197069 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.397861004 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.397937059 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.411914110 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.411983013 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.425896883 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.426872015 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.440865040 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.440915108 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.454854965 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.455533028 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.469868898 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.472522020 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.483834028 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.484380960 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.498913050 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.500494957 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.512887955 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.512962103 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.537914038 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.540580034 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.551884890 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.556150913 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.567926884 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.568742990 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.581886053 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.584243059 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.596976042 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.600637913 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.610924006 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.613486052 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.625876904 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.628444910 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.639925003 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.641540051 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.654892921 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.656611919 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.668901920 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.672111988 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.683912992 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.684590101 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.697873116 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.701121092 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.712893009 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.716237068 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.726890087 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.726984978 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.741853952 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.741967916 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.755896091 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.757091999 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.770875931 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.773571968 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.785872936 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.786072969 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.801891088 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.802006960 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.815861940 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.816844940 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.830884933 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.830981016 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.844894886 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.845596075 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.859903097 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.861603975 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.873904943 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.875916004 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.878164053 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.888945103 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.893548965 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.904071093 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.904273033 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.917917013 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.918021917 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.931782007 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.933530092 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:31.946815968 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:31.949579954 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.004842997 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.005141973 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.020843983 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.020930052 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.095861912 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.096673012 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.109836102 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.112304926 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.140525103 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.140633106 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.153510094 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.153676987 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.168504953 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.171607971 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.181823969 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.183964968 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.197671890 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.199691057 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.211596012 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.211707115 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.227020979 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.227763891 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.240778923 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.240876913 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.255959034 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.258001089 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.268891096 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.270508051 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.283900976 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.283993006 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.297933102 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.298099995 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.312865019 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.313023090 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.326843977 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.327003002 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.341871023 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.341929913 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.355832100 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.355940104 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.370918989 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.371009111 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:32.384880066 CEST	1991	49783	91.109.186.5	192.168.2.3
May 12, 2022 07:58:32.385045052 CEST	49783	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.277724028 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.404704094 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:36.404824972 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.405901909 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.586740971 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:36.586823940 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.649736881 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:36.650181055 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.764707088 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:36.764969110 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:36.895726919 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:36.895862103 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.079163074 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.079305887 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.256689072 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.257725954 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.440824986 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.442056894 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.616780996 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.616970062 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.655898094 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.657737970 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.670810938 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.670989990 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.685873985 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.688079119 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.699798107 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.699949026 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.713799000 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.716617107 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.728804111 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.729007959 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.742872000 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.745754004 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.757844925 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.758022070 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.772073030 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.772249937 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.785929918 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.786109924 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.803956032 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.804826021 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.817985058 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.819325924 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.833885908 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.834083080 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.848855019 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.848984003 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.864865065 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.864943981 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.879802942 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.879897118 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.893830061 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.894309044 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.908895969 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.909780025 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.922801018 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.922911882 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.937835932 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.938054085 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.952846050 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.952974081 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.966794968 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.966885090 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.980741978 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.982144117 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:37.995865107 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:37.997230053 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.015799999 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.015925884 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.029747009 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.033126116 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.046813965 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.049972057 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.060811996 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.060895920 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.075809002 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.075985909 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.089876890 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.092591047 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.104813099 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.104912043 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.118865013 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.118957043 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.135792971 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.136167049 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.149794102 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.150089979 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.165895939 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.166006088 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.180761099 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.181066036 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.194850922 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.196703911 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.222951889 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.223035097 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.249979973 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.250103951 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.263988018 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.264187098 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.292016983 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.292175055 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.292296886 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.305970907 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.306087971 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.320821047 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.320914030 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.348608971 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.376844883 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.376924038 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.391778946 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.391859055 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.420706987 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.420784950 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.434760094 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.434870958 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.449712992 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.449836016 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.463696003 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.463787079 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.479676008 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.479758978 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.492777109 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.492903948 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.507733107 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.507853985 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.524791956 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.524878025 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.539715052 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.539834023 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.553754091 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.553858042 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.568716049 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.568828106 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.582783937 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.582889080 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.598722935 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.598824024 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.612756968 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.612931013 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.626753092 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.626852036 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.649743080 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.649918079 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.665747881 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.665815115 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.678675890 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.678761959 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.693711042 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.693789959 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.707743883 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.707839966 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.723761082 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.723839045 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.731627941 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.731692076 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.741691113 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.741820097 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.743607998 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.743679047 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:38.753734112 CEST	1991	49785	91.109.186.5	192.168.2.3
May 12, 2022 07:58:38.753793955 CEST	49785	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:42.841908932 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:42.968785048 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:42.970578909 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:42.971077919 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.147700071 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.147810936 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.215646982 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.218349934 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.326677084 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.329848051 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.386656046 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.386734962 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.460696936 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.466590881 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.566634893 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.569258928 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.647656918 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.648942947 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.746745110 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.821717024 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.821790934 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.895190001 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.895256996 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.895301104 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.895400047 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.895452976 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.906749964 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.906872988 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.920923948 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.922559023 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.935738087 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.938663006 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.949852943 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.950637102 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.964730024 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.964809895 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.978766918 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.980654955 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:43.993752956 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:43.994157076 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.006597996 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.041793108 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.042675018 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.057753086 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.057882071 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.073748112 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.078665018 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.086102009 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.089306116 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.101011038 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.102484941 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.117131948 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.118673086 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.130445004 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.130645037 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.144695044 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.146646976 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.161288977 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.166568995 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.173813105 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.175893068 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.187760115 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.188910961 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.201843023 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.202030897 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.216780901 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.216892958 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.230897903 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.234652996 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.246800900 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.250636101 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.260747910 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.260924101 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.275772095 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.278695107 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.288765907 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.289897919 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.303793907 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.306700945 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.317743063 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.321710110 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.338684082 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.338860989 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.352777958 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.352948904 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.367729902 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.367877007 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.381752968 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.381850958 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.396811962 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.396877050 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.411813021 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.412013054 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.425721884 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.425786972 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.439799070 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.439965963 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.456810951 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.456975937 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.488746881 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.488922119 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.517615080 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.517792940 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.520642042 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.531910896 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.532273054 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.559731007 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.559884071 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.586757898 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.586848021 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.589802980 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.613713026 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.613778114 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.657784939 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.657857895 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.687747955 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.687930107 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.703758001 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.703938961 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.718806982 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.718975067 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.731652975 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.731796026 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.734627962 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.746763945 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.746920109 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.760895967 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.761081934 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.775846958 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.775944948 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.790734053 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.790915012 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.794630051 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.804687023 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.804847002 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.819742918 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.819900036 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.833690882 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.833803892 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.847681999 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.847822905 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.862692118 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.862833977 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.878762007 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.878901005 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.893748999 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.893925905 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.908713102 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.908865929 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.923803091 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.923943043 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.938731909 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.938801050 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.943728924 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.957717896 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.957787991 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.972743988 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.972847939 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.977613926 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.977752924 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.987755060 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.987812996 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:44.997699976 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:44.997771978 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.002621889 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.002729893 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.020746946 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.020898104 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.035721064 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.035849094 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.038589954 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.038650036 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.052695036 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.052786112 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.068697929 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.068860054 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.082659960 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.082801104 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.096774101 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.096858025 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.110816956 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.110903978 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.125792980 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.125895977 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.139791965 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.139847040 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.156810045 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.156974077 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.169739008 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.169823885 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.186745882 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.186815023 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.200807095 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.200921059 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.215719938 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.215877056 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.230729103 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.230825901 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.245774031 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.245902061 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.258728027 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.258855104 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.262581110 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.262686014 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:45.277766943 CEST	1991	49786	91.109.186.5	192.168.2.3
May 12, 2022 07:58:45.277908087 CEST	49786	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:48.994673967 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.122638941 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.122814894 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.123054028 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.309655905 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.380610943 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.380842924 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.514785051 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.515640020 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.697674036 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.742867947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.757711887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.759080887 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.771816015 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.786820889 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.789092064 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.800734997 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.814827919 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.815021992 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.828780890 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.843723059 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.845616102 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.858784914 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.873806000 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.873972893 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.898803949 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.913759947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.913837910 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.928755045 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.943806887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.943892002 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.959770918 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.974714041 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:49.975105047 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:49.988795042 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.003774881 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.003886938 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.029740095 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.044706106 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.046837091 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.058744907 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.073684931 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.073755980 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.087711096 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.101753950 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.103130102 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.115756989 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.130784988 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.131187916 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.145720959 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.160836935 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.161082029 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.174753904 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.189745903 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.191091061 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.208708048 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.222834110 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.223124027 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.236712933 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.251789093 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.252152920 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.266701937 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.280726910 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.283138990 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.293889046 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.308852911 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.310856104 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.339768887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.342247963 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.353693962 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.355191946 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.384746075 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.386384010 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.400823116 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.400934935 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.414832115 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.415041924 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.442821980 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.443142891 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.478713036 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.479193926 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.518873930 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.518944025 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.546827078 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.547516108 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.560899973 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.561058998 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.574913025 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.575112104 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.589826107 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.590262890 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.611911058 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.612055063 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.626760960 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.626842022 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.641773939 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.641907930 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.655781031 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.656301975 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.672792912 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.672935963 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.686748981 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.686866045 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.701803923 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.701950073 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.715794086 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.715929031 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.730853081 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.732270956 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.744800091 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.744920969 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.759807110 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.762054920 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.773683071 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.774713039 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.788826942 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.789299011 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.794703960 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.794790983 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.804748058 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.804861069 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.807600975 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.807681084 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.821764946 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.821856022 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.882754087 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.882899046 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.896744013 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.896878004 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.910854101 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.911052942 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.925765038 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.925901890 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.940684080 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.940776110 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.967784882 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.968489885 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.983036041 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.983166933 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:50.996767044 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:50.996917009 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.010874033 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.012069941 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.029206991 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.029561043 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.041763067 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.041834116 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.055711031 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.058331966 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.069729090 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.069909096 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.085820913 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.085890055 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.102133036 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.102227926 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.114940882 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.115055084 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.138046026 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.138709068 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.152024984 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.152168036 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.166920900 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.167236090 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.180830956 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.180942059 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.580774069 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.580940962 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.724745989 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.728665113 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.738781929 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.738929033 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.869771004 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.869870901 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.883743048 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.883893013 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:51.899748087 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:51.899890900 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.010759115 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.011406898 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.024792910 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.024914026 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.039719105 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.039820910 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.054724932 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.054860115 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.194766045 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.208725929 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.208847046 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.223798037 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.238765001 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.238872051 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.252715111 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.267785072 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.267909050 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.280843973 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.296717882 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.296787024 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.310777903 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.325880051 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.326004028 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.339735031 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.354718924 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.354809999 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.368740082 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.382776976 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.382909060 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.396771908 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.412746906 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.412817001 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.426747084 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.443715096 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.443795919 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.457770109 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.472738981 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.473916054 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.486758947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.501723051 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.501808882 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.514699936 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.530673981 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.530760050 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.544663906 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.560655117 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.560730934 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.574749947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.589745045 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.589823961 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.602760077 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.617764950 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.617950916 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.632723093 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.647717953 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.647805929 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.661710024 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.676721096 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.676793098 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.690727949 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.704860926 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.704961061 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.719774008 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.735738039 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.735853910 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.748769999 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.764892101 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.764981031 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.778822899 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.793845892 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.793956041 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.806765079 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.821685076 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.821783066 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.835886002 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.851751089 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.852257013 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.865731001 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.880763054 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.880858898 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.894680023 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.913748980 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.913855076 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.928709030 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.941729069 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.941811085 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.957789898 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.971714973 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:52.971779108 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:52.985747099 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.000736952 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.000814915 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.014781952 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.028655052 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.028729916 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.042884111 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.057770014 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.057852983 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.072731972 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.087677956 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.087774992 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.100816011 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.117701054 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.117805004 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.132699966 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.146796942 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.146866083 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.161792994 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.175740004 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.175939083 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.190802097 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.204726934 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.204796076 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.219811916 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.233732939 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.233798027 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.248922110 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.264830112 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.264916897 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.279948950 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.293766022 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.293842077 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.307712078 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.324676991 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.324758053 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.339768887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.353733063 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.353910923 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.367769957 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.390660048 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.395458937 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.404711962 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.418715954 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.418785095 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.433842897 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.447767019 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.449446917 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.462738991 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.479715109 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.480384111 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.493689060 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.508706093 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.511442900 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.521691084 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.538675070 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.538753986 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.553699970 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.567701101 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.567770004 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.582724094 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.597704887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.597801924 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.611716986 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.627655983 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.627737999 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.640785933 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.657640934 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.657716990 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.672671080 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.686742067 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.686800957 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.702660084 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.716603994 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.716681004 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.732677937 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.747679949 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.747754097 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.761697054 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.775682926 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.775753021 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.789742947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.805728912 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.807496071 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.819664001 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.833657980 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.835474968 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.848681927 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.862658024 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.867475033 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.878719091 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.892672062 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.892770052 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.907708883 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.922710896 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.923450947 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.938680887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.952744961 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.952814102 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.967744112 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.980664968 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:53.980762959 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:53.997638941 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.012729883 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.012795925 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.026741028 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.041553974 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.043474913 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.055757046 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.070719004 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.070826054 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.084758997 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.097855091 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.097943068 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.114703894 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.130768061 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.135523081 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.144681931 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.159800053 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.159961939 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.173708916 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.188673019 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.191075087 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.204716921 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.218744993 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.219600916 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.234735012 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.250817060 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.250942945 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.264719009 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.279839993 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.279958010 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.293754101 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.308784008 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.308887959 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.322803974 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.336828947 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.336916924 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.351807117 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.366718054 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.366806030 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.380732059 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.395777941 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.397201061 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.409687996 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.424716949 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.424858093 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.437722921 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.453708887 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.453856945 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.467693090 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.481748104 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.481852055 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.496778965 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.512737036 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.513017893 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.526710033 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.542711973 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.542804956 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.555782080 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.571718931 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.571834087 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.585654020 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.589608908 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.589699984 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.779186964 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:54.922733068 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:54.956737041 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:55.085726023 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:55.092775106 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:55.220668077 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:55.220837116 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:55.369411945 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:55.369682074 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:55.552622080 CEST	1991	49789	91.109.186.5	192.168.2.3
May 12, 2022 07:58:55.552742958 CEST	49789	1991	192.168.2.3	91.109.186.5
May 12, 2022 07:58:55.726603985 CEST	1991	49789	91.109.186.5	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2022 07:56:50.503297091 CEST	64851	53	192.168.2.3	8.8.8.8
May 12, 2022 07:56:50.524601936 CEST	53	64851	8.8.8.8	192.168.2.3
May 12, 2022 07:57:00.567784071 CEST	49316	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:00.590230942 CEST	53	49316	8.8.8.8	192.168.2.3
May 12, 2022 07:57:07.568006992 CEST	56417	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:07.587565899 CEST	53	56417	8.8.8.8	192.168.2.3
May 12, 2022 07:57:14.085995913 CEST	57421	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:14.105559111 CEST	53	57421	8.8.8.8	192.168.2.3
May 12, 2022 07:57:21.200678110 CEST	49873	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:21.221888065 CEST	53	49873	8.8.8.8	192.168.2.3
May 12, 2022 07:57:27.661298990 CEST	49327	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:27.682848930 CEST	53	49327	8.8.8.8	192.168.2.3
May 12, 2022 07:57:35.116136074 CEST	58981	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:35.138746023 CEST	53	58981	8.8.8.8	192.168.2.3
May 12, 2022 07:57:43.055500031 CEST	64452	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:43.074953079 CEST	53	64452	8.8.8.8	192.168.2.3
May 12, 2022 07:57:49.621150017 CEST	61380	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:49.643440962 CEST	53	61380	8.8.8.8	192.168.2.3
May 12, 2022 07:57:57.000972986 CEST	52810	53	192.168.2.3	8.8.8.8
May 12, 2022 07:57:57.018244982 CEST	53	52810	8.8.8.8	192.168.2.3
May 12, 2022 07:58:03.777712107 CEST	55151	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:03.795254946 CEST	53	55151	8.8.8.8	192.168.2.3
May 12, 2022 07:58:08.391948938 CEST	59795	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:08.415642977 CEST	53	59795	8.8.8.8	192.168.2.3
May 12, 2022 07:58:16.497291088 CEST	64816	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:16.518326998 CEST	53	64816	8.8.8.8	192.168.2.3
May 12, 2022 07:58:22.992727995 CEST	64996	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:23.013859987 CEST	53	64996	8.8.8.8	192.168.2.3
May 12, 2022 07:58:29.546488047 CEST	53816	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:29.566279888 CEST	53	53816	8.8.8.8	192.168.2.3
May 12, 2022 07:58:36.256527901 CEST	52096	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:36.275990009 CEST	53	52096	8.8.8.8	192.168.2.3
May 12, 2022 07:58:42.822968960 CEST	60640	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:42.840430975 CEST	53	60640	8.8.8.8	192.168.2.3
May 12, 2022 07:58:48.970896959 CEST	63861	53	192.168.2.3	8.8.8.8
May 12, 2022 07:58:48.990263939 CEST	53	63861	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 12, 2022 07:56:50.503297091 CEST	192.168.2.3	8.8.8.8	0xec6d	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:00.567784071 CEST	192.168.2.3	8.8.8.8	0x4057	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:07.568006992 CEST	192.168.2.3	8.8.8.8	0x54a4	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:14.085995913 CEST	192.168.2.3	8.8.8.8	0x4379	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:21.200678110 CEST	192.168.2.3	8.8.8.8	0xfab9	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:27.661298990 CEST	192.168.2.3	8.8.8.8	0x9dc1	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:35.116136074 CEST	192.168.2.3	8.8.8.8	0x64e8	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:43.055500031 CEST	192.168.2.3	8.8.8.8	0x2cca	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:49.621150017 CEST	192.168.2.3	8.8.8.8	0x1545	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:57:57.000972986 CEST	192.168.2.3	8.8.8.8	0x7a8d	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:03.777712107 CEST	192.168.2.3	8.8.8.8	0x9ba	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:08.391948938 CEST	192.168.2.3	8.8.8.8	0x9ae1	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:16.497291088 CEST	192.168.2.3	8.8.8.8	0xb2bd	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:22.992727995 CEST	192.168.2.3	8.8.8.8	0xaff3	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:29.546488047 CEST	192.168.2.3	8.8.8.8	0x4b78	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:36.256527901 CEST	192.168.2.3	8.8.8.8	0x79d1	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:42.822968960 CEST	192.168.2.3	8.8.8.8	0x9850	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)
May 12, 2022 07:58:48.970896959 CEST	192.168.2.3	8.8.8.8	0x91b7	Standard query (0)	khalil3131.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 12, 2022 07:56:50.524601936 CEST	8.8.8.8	192.168.2.3	0xec6d	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:00.590230942 CEST	8.8.8.8	192.168.2.3	0x4057	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:07.587565899 CEST	8.8.8.8	192.168.2.3	0x54a4	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:14.105559111 CEST	8.8.8.8	192.168.2.3	0x4379	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:21.221888065 CEST	8.8.8.8	192.168.2.3	0xfab9	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:27.682848930 CEST	8.8.8.8	192.168.2.3	0x9dc1	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:35.138746023 CEST	8.8.8.8	192.168.2.3	0x64e8	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:43.074953079 CEST	8.8.8.8	192.168.2.3	0x2cca	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:49.643440962 CEST	8.8.8.8	192.168.2.3	0x1545	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:57:57.018244982 CEST	8.8.8.8	192.168.2.3	0x7a8d	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:03.795254946 CEST	8.8.8.8	192.168.2.3	0x9ba	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:08.415642977 CEST	8.8.8.8	192.168.2.3	0x9ae1	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:16.518326998 CEST	8.8.8.8	192.168.2.3	0xb2bd	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:23.013859987 CEST	8.8.8.8	192.168.2.3	0xaff3	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:29.566279888 CEST	8.8.8.8	192.168.2.3	0x4b78	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:36.275990009 CEST	8.8.8.8	192.168.2.3	0x79d1	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:42.840430975 CEST	8.8.8.8	192.168.2.3	0x9850	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)
May 12, 2022 07:58:48.990263939 CEST	8.8.8.8	192.168.2.3	0x91b7	No error (0)	khalil3131.ddns.net	91.109.186.5	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	07:56:41
Start date:	12/05/2022
Path:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe"
Imagebase:	0xca0000
File size:	207872 bytes
MD5 hash:	DF1DC1A245D93014003E9ECC4F654602
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.545700012.0000000005860000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.546009139.0000000005F80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000000.271804888.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.545464811.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Target ID:	1
Start time:	07:56:43
Start date:	12/05/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp187C.tmp
Imagebase:	0xb40000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	2
Start time:	07:56:44
Start date:	12/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c9170000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	3
Start time:	07:56:46
Start date:	12/05/2022
Path:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe 0
Imagebase:	0x430000
File size:	207872 bytes
MD5 hash:	DF1DC1A245D93014003E9ECC4F654602
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000003.00000002.298371939.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000003.00000000.282231195.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000003.00000002.297856567.0000000000432000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000003.00000002.298492088.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Target ID:	4
Start time:	07:56:46
Start date:	12/05/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp21A4.tmp
Imagebase:	0xb40000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	6
Start time:	07:56:48
Start date:	12/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c9170000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	9
Start time:	07:56:50
Start date:	12/05/2022
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
Imagebase:	0xdb0000
File size:	207872 bytes
MD5 hash:	DF1DC1A245D93014003E9ECC4F654602
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000009.00000000.291791981.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000009.00000002.312387842.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000009.00000002.311896346.0000000000DB2000.00000002.00000001.01000000.00000005.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000009.00000002.312592762.0000000004461000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Joe Security Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: ditekSHen Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 86%, Metadefender, Browse Detection: 98%, ReversingLabs
Reputation:	low

Show Windows behavior

Target ID:	11
Start time:	07:56:51
Start date:	12/05/2022
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Imagebase:	0xd0000
File size:	207872 bytes
MD5 hash:	DF1DC1A245D93014003E9ECC4F654602
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000B.00000000.294404825.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.314675096.0000000002781000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.314132529.00000000000D2000.00000002.00000001.01000000.00000005.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.314708127.0000000003781000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Execution Graph

Execution Coverage:	26.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.9%
Total number of Nodes:	242
Total number of Limit Nodes:	7

Executed Functions

Function 014DB2A0 Relevance: 2.1, Strings: 1, Instructions: 896COMMON

Download Yara Rule

Strings

r, xrefs: 014DBD54

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 9d3e4dc1cb686e4c592324f3ce51cec52f73011f7fde29ba85c1369c55ddbc61
Instruction ID: 6c6713cc87e4cb3340f3d0a780f50d93c5513d8ff9d6c14103674d1e8607abb9
Opcode Fuzzy Hash: 9d3e4dc1cb686e4c592324f3ce51cec52f73011f7fde29ba85c1369c55ddbc61
Instruction Fuzzy Hash: F9826770A00605CFCB14CF68C594AAEFBB2FF89310F56856AD45AAB765D730E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 014D3850 Relevance: 2.0, Strings: 1, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_~q, xrefs: 014D3F9D

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: >_~q
API String ID: 0-3236834513
Opcode ID: b548dd4632665b2a8775233c3b15822d0ed9652d456d638627e2e0aeebe32e03
Instruction ID: 9994b4553f5f52be404149c9ee8b919825eb23b7a5809f4a83788f65ff5b04f1
Opcode Fuzzy Hash: b548dd4632665b2a8775233c3b15822d0ed9652d456d638627e2e0aeebe32e03
Instruction Fuzzy Hash: 2152C3B1A04206CFCF15CF68C49496ABBF2FF85310B1985AAD5199F266C731ED42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 05592D6C Relevance: 1.6, APIs: 1, Instructions: 90
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

bind.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592E1F

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 259fc493688598b222ec5809f9e0169342b5b1c724cea4e438531c7c05215b0a
Instruction ID: 925c8557e1d1142516b5ae4eeb73897e2afc2d0f6c2b7fb8dcd4b7abe7a0c83d
Opcode Fuzzy Hash: 259fc493688598b222ec5809f9e0169342b5b1c724cea4e438531c7c05215b0a
Instruction Fuzzy Hash: 5331727550D3C06FD7138B258C55BA6BFB8AF07210F1984DBE984DF193D2289909C771

Uniqueness

Uniqueness Score: -1.00%

Function 0559193B Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055919BB

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 61263cf2214a11ff3bb82043ca1a86157a6793312aa74acce7b7144974238165
Instruction ID: 92b29daeb6090fad27ce45df435b83a357cda46652313d28e2e5e441eedcc0c1
Opcode Fuzzy Hash: 61263cf2214a11ff3bb82043ca1a86157a6793312aa74acce7b7144974238165
Instruction Fuzzy Hash: 0C21D176509780AFDB138F25DC40B52BFB4FF06210F0885DAE9858F163D234A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0559327A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055932EA

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: c80a1777763eaf4e0e313cfa637759e3de7c554a0fe302bd891812798e208a83
Instruction ID: 656321c0446967f82dc065341a04675d2e42e9060bbacd649f2074539e5f4ad2
Opcode Fuzzy Hash: c80a1777763eaf4e0e313cfa637759e3de7c554a0fe302bd891812798e208a83
Instruction Fuzzy Hash: 5411A271400204AFEB31CF55DC45FA6FBEDFF08310F14886AEA459B255D675A509CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591B77 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05591BED

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: f7f0f795e8d9025578bce5e1ff04bf56d0dd9ff2ac24e5799d297420ab1fe694
Instruction ID: c12092d11a46c538d9c032b9a16d057d12437dc80c56ac72c757cef625ce6962
Opcode Fuzzy Hash: f7f0f795e8d9025578bce5e1ff04bf56d0dd9ff2ac24e5799d297420ab1fe694
Instruction Fuzzy Hash: F121C0754097C09FDB238B21DC41A62FFB4FF16314F0984DBE9844B1A3D269A50DDB62

Uniqueness

Uniqueness Score: -1.00%

Function 05592DBE Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592E1F

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 572ce24b446897c40e110d734aec575ce5c632916ec0ea8053c55cc03087dd58
Instruction ID: 9cae0e35cbf4ddb833f2322f2a8fd5f1d7bb88d483ec2ce90aac4b202caf03b2
Opcode Fuzzy Hash: 572ce24b446897c40e110d734aec575ce5c632916ec0ea8053c55cc03087dd58
Instruction Fuzzy Hash: E7119D75500200AFEB21CF55DC85FA6BBACEF04720F1888AAED499B245D678A509CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591972 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055919BB

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 029a2173fd5f1bbead14004033683fa2898cadd3947d6a1aa8ba4d08bddf89ae
Instruction ID: 37758d5a76e87fea61bdf03a3abcc89fa756d6520706a72928b0a1b4c72a3297
Opcode Fuzzy Hash: 029a2173fd5f1bbead14004033683fa2898cadd3947d6a1aa8ba4d08bddf89ae
Instruction Fuzzy Hash: BB11A0315006419FDF21CF59DC84B66FFE4FF04220F08C8AAEE898B612D275E418CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0559169A Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 055916CC

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 8f22c72f57cb2c4979688aa7e7b1597a1d3a4fd883ee108f442b8bb48d9e4de2
Instruction ID: 594d28102fc8ce48bd8ee06ddd35cccf5d06d6a7d44657bfe4582ee8e03ba075
Opcode Fuzzy Hash: 8f22c72f57cb2c4979688aa7e7b1597a1d3a4fd883ee108f442b8bb48d9e4de2
Instruction Fuzzy Hash: C201AD748006808FDB20CF59E885B65FFE4EF04221F08C8AADD488F656D279A408CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 05591BB2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05591BED

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 07b2016d5af1e6d9f5440075378356095bdf3f6fcc9bf0c2218979a2e2e24dec
Instruction ID: c5fa135592e639a9883eca78d0564fcc584fb301a25e075618cef52531e3587a
Opcode Fuzzy Hash: 07b2016d5af1e6d9f5440075378356095bdf3f6fcc9bf0c2218979a2e2e24dec
Instruction Fuzzy Hash: 8501AD354006409FDB21CF45D984B21FFA2FF48321F08C89ADE890B612D27AA458DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 014D89D0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c5bdf087c9882a5e88f0968c2ea7859ef864ac030d7a46c3869ba1f7dfbb129
Instruction ID: 92c8cd09978dfad78893b855760049737ecbe760ea720251ee229acde362fff0
Opcode Fuzzy Hash: 9c5bdf087c9882a5e88f0968c2ea7859ef864ac030d7a46c3869ba1f7dfbb129
Instruction Fuzzy Hash: 47129A30A00216CFDB25DF78C4A566EBBF2BB84305F15856EE516DB366DB389882CB41

Uniqueness

Uniqueness Score: -1.00%

Function 014D23A0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe4f6081f7d9c732b6d3671bf56a96cbea1b1aac1cbfdd8bd4f415f9bb2a795
Instruction ID: 30ddf9836364943f685e30c32b8f4d2fa8622e714b7892398f23448900646828
Opcode Fuzzy Hash: 5fe4f6081f7d9c732b6d3671bf56a96cbea1b1aac1cbfdd8bd4f415f9bb2a795
Instruction Fuzzy Hash: BA129B30A00215CFDB25CF39D5A4AAEBBF2FB84314F14816ED416AB366DBB49C46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 014D2FA8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b55040c7bf318fa55a8a4b178da1664d6fbab581c8b74e2f3b48d06be605623
Instruction ID: 9f8c9707cfd38ae0e663866e2a60db46197fb0399769c8058c0acec3a5898b26
Opcode Fuzzy Hash: 2b55040c7bf318fa55a8a4b178da1664d6fbab581c8b74e2f3b48d06be605623
Instruction Fuzzy Hash: 8A81AEB1F011168BDB14DB68D890A6EB7F3AFC8314F298069D419EB36ADE30DD028791

Uniqueness

Uniqueness Score: -1.00%

Function 014D2D58 Relevance: 2.6, Strings: 2, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 014D2E76
>_~q, xrefs: 014D2DA5

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: $>_~q
API String ID: 0-1669717660
Opcode ID: 8157e3556dcbdc603ced540fb5768df5d9aba463fe473962d780021d1edbb555
Instruction ID: 6b39b21ecea6eb03368826e5a03d1814e65526f7a8571b035ea5e73c935d4d62
Opcode Fuzzy Hash: 8157e3556dcbdc603ced540fb5768df5d9aba463fe473962d780021d1edbb555
Instruction Fuzzy Hash: 2441C330E042158BCF25CF69C8949BEB7A2BBC5328B24C57BC416DB725C775D8438792

Uniqueness

Uniqueness Score: -1.00%

Function 0559343D Relevance: 1.7, APIs: 1, Instructions: 164
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 055934FA

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: ace32af58fa471084db2cdddf00d1423f8c9c76d7849e156c77b622fafa8ed41
Instruction ID: f94bf8a64ac86c5d454b6a8e75badbc4eade5094e4e6fab07c228ab5c83c43e0
Opcode Fuzzy Hash: ace32af58fa471084db2cdddf00d1423f8c9c76d7849e156c77b622fafa8ed41
Instruction Fuzzy Hash: 7351A4715093809FE712CB25DC45B66BFB8FF46710F0984DBD9848F2A3D624A909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 05591CF8 Relevance: 1.6, APIs: 1, Instructions: 122
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05591DEE

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 66a25e36ead97857a7608f4129b4cb529dbadfffb343f54e535f1a8af0ddc739
Instruction ID: 8b50dc6d7cc9c6834641e85fe371ba09cbb7ce93a53915650da476e283fbac00
Opcode Fuzzy Hash: 66a25e36ead97857a7608f4129b4cb529dbadfffb343f54e535f1a8af0ddc739
Instruction Fuzzy Hash: 0541476500E7C06FD7138B358C61A61BFB4EF47614B0E85CBE884CF5A3D269690AC7B2

Uniqueness

Uniqueness Score: -1.00%

Function 05591394 Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05591433

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c0d08086a08d62eb2ed2b91584082882b5075baea9c43d8ee56ca258113d4ab0
Instruction ID: e0b2b7010f1b3ab7812b20994d67ade990bb517be72a12b242536831815167bd
Opcode Fuzzy Hash: c0d08086a08d62eb2ed2b91584082882b5075baea9c43d8ee56ca258113d4ab0
Instruction Fuzzy Hash: AD31C2725043446FEB228B65DC44F67BFACEF05320F0489AEF985DB152D224E509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055911CC Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0559128E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: 1f088e907a49b0898af77487165d21515d90494048c12e693e1c26d964d394fd
Instruction ID: 53fb9d079ffab4acc78d5ba244110ce51ec0cbbd0e3cbaa335d254aa316d439b
Opcode Fuzzy Hash: 1f088e907a49b0898af77487165d21515d90494048c12e693e1c26d964d394fd
Instruction Fuzzy Hash: 90317C7140E3C05FD7038B258C51B62BFB4EF47610F0E85DBD9848F5A3D629A81AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 05590390 Relevance: 1.6, APIs: 1, Instructions: 93
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0559045E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 421b3627e417ac0d1c1280874bef1f42cae4241c700ed6b5669498b84fffa227
Instruction ID: 989a14253fb98a71e863e5aeeaeb456106d511ba999f846caaddbb2e4959f707
Opcode Fuzzy Hash: 421b3627e417ac0d1c1280874bef1f42cae4241c700ed6b5669498b84fffa227
Instruction Fuzzy Hash: 8A31D5B10043846FEB228F55CC41FA6FFB8EF05714F04899EF9859B192D275A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05590D68 Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05590E0D

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a7ee6d9c35cb098eedd1a6086784dc1ae084f05a68a131831d5cbbac04d956cb
Instruction ID: b28bc43fbec21bb5fdc68b31cfec9e9b609dc283f9132c56e136b8ffb2d4c5f9
Opcode Fuzzy Hash: a7ee6d9c35cb098eedd1a6086784dc1ae084f05a68a131831d5cbbac04d956cb
Instruction Fuzzy Hash: D2317071505380AFEB22CF65DC44F66BFE8FF45610F0888AEE9858B292D275E509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05590736 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055907E0

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: cda07ec3db54241ecba543a6a71edd68b2a8dc1c012ce29f09277bbb788245a9
Instruction ID: 6ad43a569f2f894c84f135354bb2c81370fe6d8dce6589dddc8a1c5ca02fa164
Opcode Fuzzy Hash: cda07ec3db54241ecba543a6a71edd68b2a8dc1c012ce29f09277bbb788245a9
Instruction Fuzzy Hash: AC31A971505384AFEB228F65DC45FA6BFBCEF06310F04889BE9849B152D234A509CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05591491 Relevance: 1.6, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetExitCodeProcess.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05591534

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 293cc8883ae57419b1108fa8295d59394c5446fcd8543cbeaa171c3d9badac2f
Instruction ID: 4f68e1e5ee45ba44075f625aa6263ee78e6c3dcc102051263092d9a55b2f789d
Opcode Fuzzy Hash: 293cc8883ae57419b1108fa8295d59394c5446fcd8543cbeaa171c3d9badac2f
Instruction Fuzzy Hash: C23108715093C05FEB128B25DC95FA6BFA8EF02710F0984DBE9849F1A3D224A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05592AF4 Relevance: 1.6, APIs: 1, Instructions: 90
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592B91

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 37496618f1d085b312a533b7ef88b6920fb15f7c2492687a649a870788084221
Instruction ID: ab675c4b3742041addcb8321f52de41ed2ad2d27171f920e139fe2c3fa85bfeb
Opcode Fuzzy Hash: 37496618f1d085b312a533b7ef88b6920fb15f7c2492687a649a870788084221
Instruction Fuzzy Hash: 8B31C5725093806FEB128F25DC45FA6BFBCEF06310F0884DAE9859B153D2259549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 055900F6 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0559019D

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: e47700fe8ef5c7ac4d4d3cb5ca0aa54b09a6b3879287bae472242687a083b4e9
Instruction ID: 3a48f42ae0d23b00192780511c7e1dd444f599272d1280706e9175ea65f7027d
Opcode Fuzzy Hash: e47700fe8ef5c7ac4d4d3cb5ca0aa54b09a6b3879287bae472242687a083b4e9
Instruction Fuzzy Hash: CB3191715097806FE712CB25DC85F66FFE8FF06210F08849AE984CB292D379E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05592F57 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592FFD

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 600cd9f2bbee1df61f8dad49d15f555069670f66982c7f856e72a68d2010db1d
Instruction ID: 5281df814a0af0a5448e1c53ac909b9cd6f62d7af03ed73ecede7b6bb4ba627d
Opcode Fuzzy Hash: 600cd9f2bbee1df61f8dad49d15f555069670f66982c7f856e72a68d2010db1d
Instruction Fuzzy Hash: B6317F71409380AFDB22CF25DC55BA6BFB8EF46310F0988DAE9849B163D225A549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05592688 Relevance: 1.6, APIs: 1, Instructions: 87
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 0559273A

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 84a041772624725be09f3641802585d22a7fa25f0e36dfa4db22c0911a97229e
Instruction ID: c69616707070fe96e20bc68ea323ac4a004bcd584a2b4600fc99874420405883
Opcode Fuzzy Hash: 84a041772624725be09f3641802585d22a7fa25f0e36dfa4db22c0911a97229e
Instruction Fuzzy Hash: AF31B3B2404780AFE722CB55DC45F56FFF8FF06320F08859AE9849B162D365A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055904AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 0559055C

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f68c39b351ff233ca0fdfcb9e6b87cae1533ea54c107c819265159ce8cd4a956
Instruction ID: e5c8bfb7d3f48830d975aac1873e79e5518e3b63e8454c1ee625ccfde6829686
Opcode Fuzzy Hash: f68c39b351ff233ca0fdfcb9e6b87cae1533ea54c107c819265159ce8cd4a956
Instruction Fuzzy Hash: 96319871109780AFDB22CB65DC44F52BFF8EF06310F0889DAE9859B1A3D264E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05593161 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055931F6

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 344a60dbe7f3304d6b3c3b959e5de57badca617d6e1a4686fcbe484207c6d802
Instruction ID: fceb75fafa6348328952d3a67ae0943b84b8e80b6f3790e2d849670cfdbdcd7a
Opcode Fuzzy Hash: 344a60dbe7f3304d6b3c3b959e5de57badca617d6e1a4686fcbe484207c6d802
Instruction Fuzzy Hash: 7221AE72404384AFEB228F55DC40FA7BFBCEF45710F0488AAEA859B152D234A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 055913B6 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05591433

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7128366ca2478e41a43384ed0ad5c861103d586b4e520ad4c7c64265047bfbb5
Instruction ID: 580500b932f7d2e9e4779a6cde90e4fe98d13dbca83b27b116932c7284882c77
Opcode Fuzzy Hash: 7128366ca2478e41a43384ed0ad5c861103d586b4e520ad4c7c64265047bfbb5
Instruction Fuzzy Hash: 7B21B072500604AFEB218F65DC45F6ABBADFF08310F04886AE9859B151D674E509CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0559360F Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055936A3

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: ad85672ae3c60f4aef2e331c5ad4e72b2ff0e03c0c4751021119437e072fb137
Instruction ID: 55c551cf2a4c7220dd645a369ac27c76118a240250844293c12c676455f32dae
Opcode Fuzzy Hash: ad85672ae3c60f4aef2e331c5ad4e72b2ff0e03c0c4751021119437e072fb137
Instruction Fuzzy Hash: 0821E2714093C06FEB22CB24DC45B96BFB8EF06314F0988DBE9849F153D234A509CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055902AB Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05590353

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9fa9a992ab60d85acafb891f7917869791b6c2c9877c4d025c1b5d95dc097511
Instruction ID: b9ce6b587f084c7d9025dbec98c62043411a62e7a4f484e9909bfd4a2cae7a0f
Opcode Fuzzy Hash: 9fa9a992ab60d85acafb891f7917869791b6c2c9877c4d025c1b5d95dc097511
Instruction Fuzzy Hash: 2A219A750097806FE7228F15DC45FA6FFB8EF06310F1884DAE9845B1A3D275A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05590E64 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05590EF9

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 96582a26234ea8f241e62286cf8ff0ceb8c11d3671f8035752d609cad74efbec
Instruction ID: 87abe65c8379169d6d23029b4bdba4cc99989300d50f8a216b0e957826da728f
Opcode Fuzzy Hash: 96582a26234ea8f241e62286cf8ff0ceb8c11d3671f8035752d609cad74efbec
Instruction Fuzzy Hash: A321CBB54097846FE7128B25DC45FB2BFBCEF46720F1884DAE9849B193D224A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 055925A6 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05592631

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 8bce0547e9e2c9ef1df37fe74df32977425065068794857de9110472b9263e8e
Instruction ID: 5a762d4e5cb1f94c44cf02a97eb492e412f98f890a6de5c4a9258c11b94a1929
Opcode Fuzzy Hash: 8bce0547e9e2c9ef1df37fe74df32977425065068794857de9110472b9263e8e
Instruction Fuzzy Hash: A621A3715053806FEB21CF25DC45F66FFA8EF05210F08849EE9848B252D379E908CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0559325A Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055932EA

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: e0ccc6513811999949d851d71ceab2a20b670caebc0226a121c3f6ec4a00580a
Instruction ID: 34277f69511c9f287b17a5866c79145977d21eccb38241509a8d653b8732d5e4
Opcode Fuzzy Hash: e0ccc6513811999949d851d71ceab2a20b670caebc0226a121c3f6ec4a00580a
Instruction Fuzzy Hash: A8218172404344AFEB228F55DC44FA7BFBCEF45310F04889AE9859B152D234A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05591E1A Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05591EA6

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 5da571238f3a8c35eada211bd4cb60285142cd56127628b6f8cd2aa3c6d88cce
Instruction ID: 542a16c7187135938095729a7568d5223296a43c0e6512e7df6d893b461c19d4
Opcode Fuzzy Hash: 5da571238f3a8c35eada211bd4cb60285142cd56127628b6f8cd2aa3c6d88cce
Instruction Fuzzy Hash: FC21AD71505780AFEB22CF65DC45F66FFB8EF05210F08889EEA848B652D275A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05590D8E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05590E0D

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3cc5fe878ba9a6b19f1590efb1e09025bab48b822e4cf70b27d0b334df55ed7b
Instruction ID: cb60b3f6a632eed341c91832958e07c44ced6b79974b477e3a046208989c06ff
Opcode Fuzzy Hash: 3cc5fe878ba9a6b19f1590efb1e09025bab48b822e4cf70b27d0b334df55ed7b
Instruction Fuzzy Hash: A4219C71504240AFEB21CF65DD49F66FBE8FF08710F08886DEA858B291D375E408CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05590F34 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05590FC5

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: b6c18ed6636807a281b3dc4ff2c20c6e9278c1af600df507fdac2c17fca5f988
Instruction ID: 6c352d09d4771e2b2c7bdff63f4d9e15f4866d014085e4e377c11453bef4f53b
Opcode Fuzzy Hash: b6c18ed6636807a281b3dc4ff2c20c6e9278c1af600df507fdac2c17fca5f988
Instruction Fuzzy Hash: 7B219071409780AFEB228B65DC45F66BFB8EF46314F0888DBE9849B153D225A409CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055903CA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0559045E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 87d1203342ac44e06746fd87739c278377b1ad93ee9b6238786c3a90a90b0f90
Instruction ID: d61d1811ed7d1383127eb75a0bd644055cd2fb11b5baf0e88298d96d606eb62f
Opcode Fuzzy Hash: 87d1203342ac44e06746fd87739c278377b1ad93ee9b6238786c3a90a90b0f90
Instruction Fuzzy Hash: EF21F272000204AEEB31CF55CC45FB6FFACFF04710F04885AEA859B191D6B5A549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055910ED Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05591184

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f10cf023e9d89a56e26940e82fbca447227540ebabb59ff94a76ba20c632488f
Instruction ID: ac5f3c9ee1aced93c608244e11b4b43840ca450565d917b5b5870a5e55972045
Opcode Fuzzy Hash: f10cf023e9d89a56e26940e82fbca447227540ebabb59ff94a76ba20c632488f
Instruction Fuzzy Hash: 3F21A172508740AFEB218B15DC85F67FFBCFF45310F08859AE9859B292D264E409CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0559012A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0559019D

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: fea0266167335229ee95f95ecea3c75a06a746eed20d3a0d5973c7995ed4659d
Instruction ID: 57d74b4ef9a0ecb7a1924a2514af38fd3a6426c1bc852b65f0fa18628b2c2c28
Opcode Fuzzy Hash: fea0266167335229ee95f95ecea3c75a06a746eed20d3a0d5973c7995ed4659d
Instruction Fuzzy Hash: 7A21B071504240AFEB25DF25DC49B6AFBE8FF04310F04886AED458B291D775E504CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0559100F Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05591092

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: ece8114df10cb1e465360812329c7e6ffcd45c7514e88af868c0249369a340e1
Instruction ID: d34f3491c9fb8e2b8bda31c0eb0717e09526d0ba958d52f8d82e0af2b5c2c24f
Opcode Fuzzy Hash: ece8114df10cb1e465360812329c7e6ffcd45c7514e88af868c0249369a340e1
Instruction Fuzzy Hash: 8D2195715097C15FDB12CB25DC55B92BFE8FF06214F0884EAED85CB253D625E408C761

Uniqueness

Uniqueness Score: -1.00%

Function 05590C97 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 05590D13

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: c9ad83c831ccc780d6e5063a1284252ed5de4432143fd181e87113f3d89d8229
Instruction ID: 79b48fe327c4ccc4fc58b248a68934db23dc2815e3b2666f900756e21e0dd57e
Opcode Fuzzy Hash: c9ad83c831ccc780d6e5063a1284252ed5de4432143fd181e87113f3d89d8229
Instruction Fuzzy Hash: 4421A1755093809FDB12CF25DC85B52BFA8EF46210F0984EAE949CF1A3D238E509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05591597 Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 05591623

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 9676430c0d7b002170df4d65237e58ecdc5b59f02269e118303e5b9c5cb7d4c8
Instruction ID: 7240753f7837438c0bf23b538be6013f45c01af26dd943f7efca237308fb2a43
Opcode Fuzzy Hash: 9676430c0d7b002170df4d65237e58ecdc5b59f02269e118303e5b9c5cb7d4c8
Instruction Fuzzy Hash: 042105715043806FE7218B25DC45FA6BFACEF05320F18809EFD449B192D3B8A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05590776 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055907E0

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 9febb28cf2b981c9c69a67add250b67229182e5116f76c93c231a4af13570b76
Instruction ID: 5adc8a6676b00b3edebbd91261c80fe82e8b0f2e54baad74190fe8a4c89b1e70
Opcode Fuzzy Hash: 9febb28cf2b981c9c69a67add250b67229182e5116f76c93c231a4af13570b76
Instruction Fuzzy Hash: 0111A271500204AFEB21CF69DC89FAAFBECEF04320F14886AE945DB255D674A5098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591A08 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 05591A74

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9548927a931ca09d3361aa7e4529d2b94d98bc784f0ae0364667650a4df26c1b
Instruction ID: 2157150deffed312a23df050943113f9ed045befd8c23e075b53ef6a0ead9bf7
Opcode Fuzzy Hash: 9548927a931ca09d3361aa7e4529d2b94d98bc784f0ae0364667650a4df26c1b
Instruction Fuzzy Hash: EE21C6715093C05FDB038B25DC55692BFB4AF47224F0D84DADD858F663D2749908C762

Uniqueness

Uniqueness Score: -1.00%

Function 055925C6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05592631

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 81acf069d2f99d26fba5d2dc5d42eb7599cecf6a44a7b14cf97aac864d73b1e3
Instruction ID: 7f0fb882ba219a7ec5ddde196ba11d800b0b763fe388017bde103084c5b43263
Opcode Fuzzy Hash: 81acf069d2f99d26fba5d2dc5d42eb7599cecf6a44a7b14cf97aac864d73b1e3
Instruction Fuzzy Hash: D4219F71500240AFEB21DF29DD45B66FB98EF04320F0484AAED858B641D675A505CA65

Uniqueness

Uniqueness Score: -1.00%

Function 05591E3A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05591EA6

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: f1e42ed0cf944959c0b868eeec21a4c3565089caf71506d030410d79cfc1877d
Instruction ID: ff60cbc951255a43d52fc2e352d700ef687995219dce1ebf83c990a83ea912c2
Opcode Fuzzy Hash: f1e42ed0cf944959c0b868eeec21a4c3565089caf71506d030410d79cfc1877d
Instruction Fuzzy Hash: BB21CD71500640AFEB21DF65DC45B66FFE9FF08320F04886EEE858B652D376A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055926C6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 0559273A

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 6d22af3f44c2b4794ba03150929b4d442edf6ee4ca1e4df0cd0d6f77e64b963b
Instruction ID: 1bd6c04da76e07238e0de8b4970cf14061b76bb8cf45ef555dbcb0af4a0f60e0
Opcode Fuzzy Hash: 6d22af3f44c2b4794ba03150929b4d442edf6ee4ca1e4df0cd0d6f77e64b963b
Instruction Fuzzy Hash: 2F21DE75100240AFEB21DF29CC84FA6FFE8FF08320F04885EEA849B251D275A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05593186 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055931F6

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: c80a1777763eaf4e0e313cfa637759e3de7c554a0fe302bd891812798e208a83
Instruction ID: 3e8f56293bd3eb735a0c79ba666e937cc579f655d2de64c649894bd915bd2961
Opcode Fuzzy Hash: c80a1777763eaf4e0e313cfa637759e3de7c554a0fe302bd891812798e208a83
Instruction Fuzzy Hash: 5111CD72400204AFEB21CF95DC80FA6FBEDFF08310F04886AEA859B215D234A0098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591ABD Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,B5C36321,00000000,?,?,?,?,?,?,?,?,72333C38), ref: 05591B2E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: abf2f5a737c26c0b1f249b1d40f74305f467737828da17fe7b35a03ab75f0a48
Instruction ID: e97f1a4f178487e231ad00595b27d9e82b65e5e4ba0a563e44a95f670788a19f
Opcode Fuzzy Hash: abf2f5a737c26c0b1f249b1d40f74305f467737828da17fe7b35a03ab75f0a48
Instruction Fuzzy Hash: 7A2165715093845FDB12CF65DC85B92BFE5EF46210F0984EBE985CF163D234A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05591112 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05591184

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0d1afb75088e82a958a9848906ee7382fb0dac631cf181465fbca5e9e7d01a5b
Instruction ID: 09ba280f6e281c51a0cbb96797186a56d872b3c8d8e01c3d16654af766f51d25
Opcode Fuzzy Hash: 0d1afb75088e82a958a9848906ee7382fb0dac631cf181465fbca5e9e7d01a5b
Instruction Fuzzy Hash: B9118E72604600AFEB318E15DD81F67FBECFF04710F08896AED869B255D674E409DAB1

Uniqueness

Uniqueness Score: -1.00%

Function 055904EA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 0559055C

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ca75ef83eb8546e8725afd152a8a2e977381d9ca75d298fb019ab205615104b7
Instruction ID: 96456218bb5e07aebbcc1665ac5de4650ac1a7a760374d9490a7f440b652e39e
Opcode Fuzzy Hash: ca75ef83eb8546e8725afd152a8a2e977381d9ca75d298fb019ab205615104b7
Instruction Fuzzy Hash: F511AF71500600AFEB21CE15DC84F66FBECFF04710F04889AE9469B2A2D264E509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05592B32 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592B91

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 49cfef9cc26142395a92a03a5b41539b34af7f7f6acb817fcd0de75073534d16
Instruction ID: 1aaeb1feb5937c435ccc3063eb8406ed3ca8bc5ac99762b467930145cd13221e
Opcode Fuzzy Hash: 49cfef9cc26142395a92a03a5b41539b34af7f7f6acb817fcd0de75073534d16
Instruction Fuzzy Hash: AB11D371500204AFEB21CF65DC85FA6FBE9EF04320F04886AE9459B251D278A4458BB1

Uniqueness

Uniqueness Score: -1.00%

Function 055917D0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0559183A

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 8c70c24d6525d14bb22f7e5096f9953e49c1be7db8df8ae06829b0247c196058
Instruction ID: dd9b3ad410f3381f4d63d71c38643d5702d659030deb63fcba04539e70e52d7e
Opcode Fuzzy Hash: 8c70c24d6525d14bb22f7e5096f9953e49c1be7db8df8ae06829b0247c196058
Instruction Fuzzy Hash: F51172715057819FDB21CF25DC85B96BFE8FF05210F0884AAED45DB652D278E448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05592F96 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05592FFD

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 95ca1890f348b3958e204262190b461352bb6e53b713b4122510b41ae4f33765
Instruction ID: 77b07192503632559d8b3d1af6efc682616fe7c52e268c4f4fd1f9320398bd1f
Opcode Fuzzy Hash: 95ca1890f348b3958e204262190b461352bb6e53b713b4122510b41ae4f33765
Instruction Fuzzy Hash: 9E11BB71500240AFEB21CF55DC85FAAFBECEF04720F0488AAED499B251D278E549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055914DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05591534

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 5d988915b82f7f8d1794bbd0bf92bec4498e602b56d453c6e27cdd1f8f6d8b63
Instruction ID: fd186a59ff7359ee4c8ce911a2589d35fc0b9baa0e4662e5f042c49a4bd69819
Opcode Fuzzy Hash: 5d988915b82f7f8d1794bbd0bf92bec4498e602b56d453c6e27cdd1f8f6d8b63
Instruction Fuzzy Hash: 8C11E371500240AFEB21CF29DC85BAABB9CEF04320F18C8AAED45DB255D678A505CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 05590F66 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05590FC5

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: a4a9f8020cb6ed090437c0c8069e3996d4b482e6172d6ed324a2eca0191a4d4f
Instruction ID: 26f847672636692e4ed37c31800a7e91da0b75fe94a05092d99242860cc9a300
Opcode Fuzzy Hash: a4a9f8020cb6ed090437c0c8069e3996d4b482e6172d6ed324a2eca0191a4d4f
Instruction Fuzzy Hash: F011C171400640AFEB21CF55DC85FAAFFACFF04321F1488AAEE499B255D275A509CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055902DE Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05590353

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c0422794745c24caa5723a8b03cae136bce0e4015bd585becd0cfb6bc59910df
Instruction ID: e97904f6fdaa1cce387e70f92fab1af06f748eb238c1cddd071adf64797d7f7a
Opcode Fuzzy Hash: c0422794745c24caa5723a8b03cae136bce0e4015bd585becd0cfb6bc59910df
Instruction Fuzzy Hash: 4111BF31100600AFEB31DF15DC45F66FFA9FF04710F14889AEE855A2A2C2B9A549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055901FF Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 05590264

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 424c9eb275ec1624f9dce7907ad50cea3f44fb113585d954fb2d743fe0604fda
Instruction ID: 335a8290853d450ab4f886402b92b502ab950a0cab195a440e9bb5e65ebfbb0f
Opcode Fuzzy Hash: 424c9eb275ec1624f9dce7907ad50cea3f44fb113585d954fb2d743fe0604fda
Instruction Fuzzy Hash: DC1184714053849FDB16CF55DD89B56BFA8EF46220F0884EBED859B662D238A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055915BA Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 05591623

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d6597a2aeff525acc8ed1612777b7bb2358e69abbd7e2da71f41c5c0c7240f0f
Instruction ID: 152b39785280d7ffeeceff58ed26781d442903bd9d71509bf09ae9460e6e4069
Opcode Fuzzy Hash: d6597a2aeff525acc8ed1612777b7bb2358e69abbd7e2da71f41c5c0c7240f0f
Instruction Fuzzy Hash: DB110631500640AFEB20DB19DC45F76FF9CEF04720F1884AAED459B685D2B8A545CE61

Uniqueness

Uniqueness Score: -1.00%

Function 0559364A Relevance: 1.6, APIs: 1, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 055936A3

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 5638a36e2be35894107eb4c51a9bc8064a79624a678d3bfb6bf2e04b0b2dea3f
Instruction ID: 671361fec670b61990ca3b0feedec990377d72f98025ccf8b1ab210e08fcac86
Opcode Fuzzy Hash: 5638a36e2be35894107eb4c51a9bc8064a79624a678d3bfb6bf2e04b0b2dea3f
Instruction Fuzzy Hash: F211A371504244AFEB21DF59DC85F66FFACEF44320F1488AAED449F245D274A5098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591667 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 055916CC

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 75ad55c58027f2d91467d2911d026b9366fe2394e1048b928d93a72f30ef5736
Instruction ID: 16a63664ba5ed9de02b61c93559ccbcfad41a1e1c0730a1f2c1939da3839a20d
Opcode Fuzzy Hash: 75ad55c58027f2d91467d2911d026b9366fe2394e1048b928d93a72f30ef5736
Instruction Fuzzy Hash: E41160754093C09FD7128B65DC85B52BFB4EF46224F0988EBED848F163C279A449CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0559104A Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05591092

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 5d045c86a779db3d4a7bb13b0e50cda3591828ac6b2b79088d1f58f44ad6a9aa
Instruction ID: bd79b216462d8cf9f51a0c6710e7d1d3f0abf3898cb944507ff0397cc3e9d87f
Opcode Fuzzy Hash: 5d045c86a779db3d4a7bb13b0e50cda3591828ac6b2b79088d1f58f44ad6a9aa
Instruction Fuzzy Hash: E01182756046418FDB24CF69DC85B56FBD8FF04210F08C8AADD49CB642D67AE404CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055917F2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0559183A

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 5d045c86a779db3d4a7bb13b0e50cda3591828ac6b2b79088d1f58f44ad6a9aa
Instruction ID: 3eaff589babcecd56695399063a0832c8892f8cfe69b4e040075aa45b3d2019d
Opcode Fuzzy Hash: 5d045c86a779db3d4a7bb13b0e50cda3591828ac6b2b79088d1f58f44ad6a9aa
Instruction Fuzzy Hash: 9211A171A006019FDB25CF29DC85BA6FBD8FF04220F08C8AADD49DB652D678E404DB71

Uniqueness

Uniqueness Score: -1.00%

Function 05590CCE Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 05590D13

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 7705847f81608e9bb583b1d07e77f6cbe362428dde1e1653c897baf45274acd3
Instruction ID: 13b2a75712b409f853001ce9ac9f547c20b9baef7d56222fe0aaf3f3e6b3b412
Opcode Fuzzy Hash: 7705847f81608e9bb583b1d07e77f6cbe362428dde1e1653c897baf45274acd3
Instruction Fuzzy Hash: 7C1161756043448FDB54CF29D889B66FBE8FF44220F48C8AADD49CB296D678E444CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05590EA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,B5C36321,00000000,00000000,00000000,00000000), ref: 05590EF9

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 74915a665747952c6abe683f4611dd26cb5f7e8b8d48319b95b1d2349623bfea
Instruction ID: 261e6e05fbcf7bd03e69f739e04ed7bfd02d25a4b7f6d1e096d9596946411f5e
Opcode Fuzzy Hash: 74915a665747952c6abe683f4611dd26cb5f7e8b8d48319b95b1d2349623bfea
Instruction Fuzzy Hash: 8A01F571500244AFEB21CB19DC85F76FFACEF04720F14C89AEE449B295D278A649CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 05591AEE Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,B5C36321,00000000,?,?,?,?,?,?,?,?,72333C38), ref: 05591B2E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: f7d3f51ce60e3a900f5242ba1d80ec9f0fc5546e7c9d1a9f07aa49dc6fb0b3ab
Instruction ID: 8a3cd536a9fee8b4e198d05168b97b5dc13a5dca8238f1ca75b5ef2b5bca3d11
Opcode Fuzzy Hash: f7d3f51ce60e3a900f5242ba1d80ec9f0fc5546e7c9d1a9f07aa49dc6fb0b3ab
Instruction Fuzzy Hash: DD11A1315006058FDB20CF69D885B66FBE6FF44220F08C8AADD498B652E278E408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0559123E Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0559128E

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: b3d13cca407fa76dffa77ae211ae9838dd3868762e9a1862523eb7916651f94c
Instruction ID: ef2112a2af7ffb397545abd86d1fe3c2b2496a42bdf71ac5d7de5287afca0e0b
Opcode Fuzzy Hash: b3d13cca407fa76dffa77ae211ae9838dd3868762e9a1862523eb7916651f94c
Instruction Fuzzy Hash: E301BC71900200ABD750DF1ADC86F26FBA8FB88B20F14856AED088B641E631F915CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 055934AA Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 055934FA

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 44f258dd234d917adc0dff67840b5de73e56b715e2864d567be43cea1ffce3a3
Instruction ID: 623f25a56997a998176b72baccf8a1186774f96c28f232512ea58d36d2c84021
Opcode Fuzzy Hash: 44f258dd234d917adc0dff67840b5de73e56b715e2864d567be43cea1ffce3a3
Instruction Fuzzy Hash: 6701BC71900200ABD750DF1ADC86F26FBA8FB88B20F14856AED088B641E631F915CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 05591A42 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 05591A74

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: b8e67e1004e99eb0d12667dd19b5a5edc10bcfc3dc9a1e915d04ca819e63c54e
Instruction ID: b44d10b809ffbfc4ff517f92458bf388728510875ad380f7af304b589e636d1b
Opcode Fuzzy Hash: b8e67e1004e99eb0d12667dd19b5a5edc10bcfc3dc9a1e915d04ca819e63c54e
Instruction Fuzzy Hash: BF01D4315007408FDB14CF59E985766FF94EF44220F08C4AADD498BA46C278E848CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 05590232 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 05590264

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: fe7a574047ec092d5b35122325ee4e8356242f0f13a4715f637ff4f556ffdbb9
Instruction ID: c32bf276a207d1504c59fbbc5e0925c9bb7b325c745173ba77f30e917d4994e0
Opcode Fuzzy Hash: fe7a574047ec092d5b35122325ee4e8356242f0f13a4715f637ff4f556ffdbb9
Instruction Fuzzy Hash: B301DF319002408FDF14CF69D889766FF94EF44320F08C8AADD498F696D279E448CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 05591D9E Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05591DEE

Memory Dump Source

Source File: 00000000.00000002.545547952.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5590000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 951eee87d951c9c3df2698311a789d98e80a42855ae619204a5ab28fd8a1ff60
Instruction ID: 4c8798e94b582f5b52b29e170592820a418521adf0a626cfed07296b4814cdb1
Opcode Fuzzy Hash: 951eee87d951c9c3df2698311a789d98e80a42855ae619204a5ab28fd8a1ff60
Instruction Fuzzy Hash: 2B01AD71500600ABD750DF1ADC82F26FBA8FB88B20F14815AED084BB41E671F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 014D20D0 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

r*+, xrefs: 014D230F

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 170674a8f5974b6f50a76d2b9a46884457df8f3b050f88df9a0fbbd17b89a2b6
Instruction ID: 0fe71c04e14df3a8bd44fc6637c919c460d399f677dee9512cd899db64c8a783
Opcode Fuzzy Hash: 170674a8f5974b6f50a76d2b9a46884457df8f3b050f88df9a0fbbd17b89a2b6
Instruction Fuzzy Hash: C4713A30A09209DFDF55DFB8C465ABEBBB1FB85300F10806BD5069B265D7B49E42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 06870070 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

MOC, xrefs: 06870236

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: MOC
API String ID: 0-624257665
Opcode ID: f7e4dddcd72aa62b638f7e80750c72bbf1ffdbac4499ef75d00c24a15a25fc1d
Instruction ID: 87fe070eff2b7202e991705d96fdf1b5aaf58df92dd63725379489e9b6388b24
Opcode Fuzzy Hash: f7e4dddcd72aa62b638f7e80750c72bbf1ffdbac4499ef75d00c24a15a25fc1d
Instruction Fuzzy Hash: 2B717CB0A04A05DFDBA5CF69C99196EFBF2BF88208B14892DD556C7B50DB31F841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014D02E8 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

:@yq, xrefs: 014D0537

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: :@yq
API String ID: 0-397920524
Opcode ID: f8fdd2222586ed1284c9b120c0346a6da768f137ee2a6bf37164d13331a0116a
Instruction ID: de6fa13ae02b80bfa5b95c9fd1f893f1b4edbe7a11f5abfd6a88761548f9442a
Opcode Fuzzy Hash: f8fdd2222586ed1284c9b120c0346a6da768f137ee2a6bf37164d13331a0116a
Instruction Fuzzy Hash: 8D518130A05205CFDB19DF68D46066E7BF2FF89310F14856EE506AB3A1DB35AC02CB52

Uniqueness

Uniqueness Score: -1.00%

Function 06870599 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

?yq, xrefs: 0687052F

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: ?yq
API String ID: 0-396147527
Opcode ID: a256cd901e1b9c9331dffa4071e164dc6d97671a2530051fe328479ac5cec38d
Instruction ID: 419074eca4a21d5549530fd545389cfe82034d91eaa1ce83f01e83bf14a689b0
Opcode Fuzzy Hash: a256cd901e1b9c9331dffa4071e164dc6d97671a2530051fe328479ac5cec38d
Instruction Fuzzy Hash: 36518070E04209DFEB55CFA8D4916AEFBB2BF48304F14846AD50AEB251DA31DD86CF91

Uniqueness

Uniqueness Score: -1.00%

Function 014D87D0 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 014D88E7

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 1f4e177c324e024055de45c3b12528de1b0f0529d5f284ce487b602096d37f94
Instruction ID: 1e62dea6d98c69af5c49b826c1b512a36bc11e8a1b6c8f50f91a7d6e81351792
Opcode Fuzzy Hash: 1f4e177c324e024055de45c3b12528de1b0f0529d5f284ce487b602096d37f94
Instruction Fuzzy Hash: D541FB30E0420ADFDF59DBA9D5666BEBBB1FF44300F5080AAE503A7261DB355A42CF52

Uniqueness

Uniqueness Score: -1.00%

Function 014D12A0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d3a8c8a59eb7ad04b7952b97ad711be20662119f9341f1b1fa289299d482bd
Instruction ID: 836aa95f77b3247bea73cf5b80684a9e925f08c0390f6e94ee5d64df49e60b0b
Opcode Fuzzy Hash: 59d3a8c8a59eb7ad04b7952b97ad711be20662119f9341f1b1fa289299d482bd
Instruction Fuzzy Hash: 8D22E134A00605CFDB25DF28C490A6EB7F2FF88304B10859ED85A9B766DB34AD86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 014D7E36 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4eff7e2cbe46bb28b1434e74087f7502e701de600706b995bab3600926cc6a
Instruction ID: 31987b81c228d3655dae9b552a6d3729a88f3f0728b2b1f2026ad3c582900c06
Opcode Fuzzy Hash: fc4eff7e2cbe46bb28b1434e74087f7502e701de600706b995bab3600926cc6a
Instruction Fuzzy Hash: BD023530A00605CFCB25DB68C5A4A6EB7F2FF84314F6485AAD84ADB761DB30ED46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 068705A8 Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d00336703046947cc21d6e26bd38a2423d3a83033d6f57be6a704c62ead0474
Instruction ID: 0d33e5a5448406bed816fa8a4a2d21cbcb3ca8641304ded097df1d38186dcd34
Opcode Fuzzy Hash: 7d00336703046947cc21d6e26bd38a2423d3a83033d6f57be6a704c62ead0474
Instruction Fuzzy Hash: D1E12670A00219CFDB55CF64C480AAEFBB2BF85314F158599D90AEB312DA71ED82CF91

Uniqueness

Uniqueness Score: -1.00%

Function 014D61B0 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db244ce3e0e628bd8a6c13b6660563b5344a0380f62a9feb7ee642dab273bf2b
Instruction ID: 9a05b8908e142270978f54773039b793db89bbd30a8f2f9d1f332100e92845a4
Opcode Fuzzy Hash: db244ce3e0e628bd8a6c13b6660563b5344a0380f62a9feb7ee642dab273bf2b
Instruction Fuzzy Hash: 6D818131A00519CFCF15DF54C890ADEB7B2AF85304F15C4AAD90AAF216DB71AE86CF91

Uniqueness

Uniqueness Score: -1.00%

Function 014DACF7 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2ba432d16ffaaac09f8ffc62add533df4d25956cd1132080a9442da223b494
Instruction ID: 5449e956fbb3b98ebcb41379dd6f41015403c2458d41e4e6e97c1baa97ae82c0
Opcode Fuzzy Hash: 1e2ba432d16ffaaac09f8ffc62add533df4d25956cd1132080a9442da223b494
Instruction Fuzzy Hash: F3819D307106168BD704EB69D494B7EBBA3FF84310FA0852CE6099B6A5DF70AD468792

Uniqueness

Uniqueness Score: -1.00%

Function 014DBE81 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34a30033a01aa3eb5e2d35a0f672a6a440a3a7963ec72a9d399b55f783ad582
Instruction ID: c891de60e7d6ea4f1a30fa70b1b7f87f6b1c2f4184f8ed7f24dbf1e7f7ea9040
Opcode Fuzzy Hash: e34a30033a01aa3eb5e2d35a0f672a6a440a3a7963ec72a9d399b55f783ad582
Instruction Fuzzy Hash: 787106712046018FDB15CF18C9E4B76BBE1FF81314F1A89AED65ACB662D731E841CB54

Uniqueness

Uniqueness Score: -1.00%

Function 014D4DB8 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4de7741b1963214102f6569b2aa55f387dd14717e5982df950eafff4b45855ee
Instruction ID: fd8fcffff62de3fa60a54c06f0a54802d3e50f99c04a2187cb03fe6cd7097270
Opcode Fuzzy Hash: 4de7741b1963214102f6569b2aa55f387dd14717e5982df950eafff4b45855ee
Instruction Fuzzy Hash: 916182302082459FCF06EB68D4A487D7BA2FF8531471885AFD54A8BA76DB34AC47C792

Uniqueness

Uniqueness Score: -1.00%

Function 014DEA88 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd109a25832d1cb06f4674dc21125a23d7111e17fcec43f4ddd98b5f555a112
Instruction ID: 3538932915052224e94313569ca0917e05345f71b798ecffce631eb77355d870
Opcode Fuzzy Hash: cdd109a25832d1cb06f4674dc21125a23d7111e17fcec43f4ddd98b5f555a112
Instruction Fuzzy Hash: A271FC34A04605DFDF15CB69C4A4BAABBF1BF48314F24855AD516BB761CB31F882CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 014DE320 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b265148ceb19a8c1d1f467345029afdd36b12d61ce36a924c68051be67852e67
Instruction ID: 0c8ff0f5b37245a36ad3f97f107b61ff2147cde68bbde9282880fa50dae35cf5
Opcode Fuzzy Hash: b265148ceb19a8c1d1f467345029afdd36b12d61ce36a924c68051be67852e67
Instruction Fuzzy Hash: C5515E31A00119DFCF05DF94C8508AEBBB7FF84714B15846AEA0ABF265DB31AD46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D76D0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9365c6385b6e38e3462938d24d804ea899da4a23363847ceb0b2097140ab2b
Instruction ID: e97b76860d387c7d0f60360572d2bafd32073611326e144911356acb2f8a4357
Opcode Fuzzy Hash: 1e9365c6385b6e38e3462938d24d804ea899da4a23363847ceb0b2097140ab2b
Instruction Fuzzy Hash: 1531F83190061ACBDF11CF24C865ADEBBB2AF85305F518499D909BB215DB707B8ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 014D7320 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295c0d1aeefe60edf287c44cf823fdb165fcb9001b31eb75a16554d2469b9d80
Instruction ID: 97c79c85b6c25d7a673b9c9f598b2360ff3b646fe76739f71903d41fc733f380
Opcode Fuzzy Hash: 295c0d1aeefe60edf287c44cf823fdb165fcb9001b31eb75a16554d2469b9d80
Instruction Fuzzy Hash: E2516E31B002198BCF19DBB9C4605AEB7F3AFD8314B54856EC80AAB355DF34AD42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D7BB8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2b1073ebeccfb4cbd1a3c0163ba13c3528d3ac8eeebb4bb3524480839fecfa
Instruction ID: 88a9e613bbdb9de12f21d68873743886d83b2fa12b02c866cd79880623d1ce34
Opcode Fuzzy Hash: bd2b1073ebeccfb4cbd1a3c0163ba13c3528d3ac8eeebb4bb3524480839fecfa
Instruction Fuzzy Hash: C2511F75D00618CFCB25CFA8C98469DBBF0FF48315F20856AD95AA73A4EB316946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 06870EC8 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d64cad4a7deb741fc0637c4a017358dc88bca21e603294342842a0231d8ad3f
Instruction ID: 41cb566d44217d0401f033b2bb6937f7ce50e8e1d74236efecd551dcab87e53e
Opcode Fuzzy Hash: 7d64cad4a7deb741fc0637c4a017358dc88bca21e603294342842a0231d8ad3f
Instruction Fuzzy Hash: 3E51AF70A01249DFEB54DBB4D0546AEBBB2BB88304F54812ED506EB389DB74DC46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 014DCDE8 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba00064e254da2cf3b4166efba230147f2cacd635374aaa6475e654c5ffb6ea2
Instruction ID: f225d748e565f2833c51bf50fa0b85ceac8e9daaadd617c8d737ebd19021d33a
Opcode Fuzzy Hash: ba00064e254da2cf3b4166efba230147f2cacd635374aaa6475e654c5ffb6ea2
Instruction Fuzzy Hash: CF41C170A00601CFDB24DF7AD4A456FBBF2FB98320B64852ED546977A1DB34A842CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014D09A5 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fc4d54157284eefdb8cf813f9ecc1bba5970842757628aa78b3164d06afe838
Instruction ID: 9d443bdaead3ae831fb9f9df11bd4700c56c4d33981da940d07f4845cf11493e
Opcode Fuzzy Hash: 8fc4d54157284eefdb8cf813f9ecc1bba5970842757628aa78b3164d06afe838
Instruction Fuzzy Hash: 7341B431B05205DFCF15DFA4E858AAEB7B2FF84310F25816AE1469B365CB70AC02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D0BC0 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f2682560705ed4d1528f87870ce1e57e2cc8c64458abc2fe703ffb259dae9f
Instruction ID: 4180e4439931594c6dca989f24de493b284c695d0f243744b5a669dccfe946a6
Opcode Fuzzy Hash: 38f2682560705ed4d1528f87870ce1e57e2cc8c64458abc2fe703ffb259dae9f
Instruction Fuzzy Hash: C541B9317042188FCB199B69C4146AE77E6AFC5710F1580ABF90ADF361CEB19D0B8792

Uniqueness

Uniqueness Score: -1.00%

Function 014DFB38 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2525b1b3400a8fecb93599521c47faf7c36c646873a90dcce21196599fa8fe04
Instruction ID: 8f03a3d8293196ca5f120e335d9595b8ab23e77069beaa0de92ecea1db0342c8
Opcode Fuzzy Hash: 2525b1b3400a8fecb93599521c47faf7c36c646873a90dcce21196599fa8fe04
Instruction Fuzzy Hash: 2F510E35A00204DFDB15DF68C490EAEBBB2FF88324F154599D912AB366D735EC86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014DEA79 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db27896dd4e080cfc252c5575f8e59115335af6cee254e1be8200f836fd2193
Instruction ID: 5bac9027f1952187b7b8b3d58dbc154d061e08d586ffdf06a6de5dd29cb3eca8
Opcode Fuzzy Hash: 2db27896dd4e080cfc252c5575f8e59115335af6cee254e1be8200f836fd2193
Instruction Fuzzy Hash: 6D514F34A04605CFEF25CB69C0A4BAABBF1AF48314F14855AD557AB771CB31F886CB60

Uniqueness

Uniqueness Score: -1.00%

Function 014D0682 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495b70337cf8be618232d0af8026c89720ea3e0beeb35a132ccad38da2cb2e87
Instruction ID: 0c0550d0293bb831d782feb6a910033ff0f2bd6d39a3c08915c1d22e458421a6
Opcode Fuzzy Hash: 495b70337cf8be618232d0af8026c89720ea3e0beeb35a132ccad38da2cb2e87
Instruction Fuzzy Hash: A8418030602201CFD7257B74F85C66E3BA6FF90615B25846AF507CB269DF745C438BA2

Uniqueness

Uniqueness Score: -1.00%

Function 014D1458 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d2539cfd0a3fa33850b77240cff8530f5abffde1976ab552846ed313fadf1c3
Instruction ID: afadb1a4d2b4782d5678fccb8e0069121af723a8fde96ce12299f3e0da63b39f
Opcode Fuzzy Hash: 4d2539cfd0a3fa33850b77240cff8530f5abffde1976ab552846ed313fadf1c3
Instruction Fuzzy Hash: 7151E334A00219CFDB14DB64D8A4B9DBBB2BF49304F5040EED90AAB366DB359D86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 014D84B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3597ba1aca15461ec078ab5063bfae40c881e00190764a8fbd89522341b050fe
Instruction ID: fe4f0efb760d11eafe46a0aeb774eb11b2fa9acdfddb350d8ef02d7b2b2790c4
Opcode Fuzzy Hash: 3597ba1aca15461ec078ab5063bfae40c881e00190764a8fbd89522341b050fe
Instruction Fuzzy Hash: 0B418A31A0020BDFCF10DB68D4A49BEBBB1FB84314F50866BE9168B265D730E956CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D5920 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd9513b3199b19ea5aaa1a5e32dcfbf428bdaf10b0441ec2ef2bbac63a7a0f6
Instruction ID: af9991a0f2cbbab06afb2d4f24d22e6f2319d6c384e82936a1a8ad3c49552faa
Opcode Fuzzy Hash: 8dd9513b3199b19ea5aaa1a5e32dcfbf428bdaf10b0441ec2ef2bbac63a7a0f6
Instruction Fuzzy Hash: 2E419130B053128BEF146BB9A43833F26B66F95610B54446FD506DF3A8EE34CC028752

Uniqueness

Uniqueness Score: -1.00%

Function 06870007 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d3eb0109d575427af456f1213d21f02d5074067e3988b0fa9461457e767f90
Instruction ID: 8287b33428f282c533817253043d9016d6a4762f341c2308c299bc661b1ba4ce
Opcode Fuzzy Hash: 61d3eb0109d575427af456f1213d21f02d5074067e3988b0fa9461457e767f90
Instruction Fuzzy Hash: 5241D070A0C785DFD753CF68CC91A6EBFF1AF42214B18859AD592CB262C734E844CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06870B30 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c880fbfdaf5f1649b9dcee761da22576dc8b35cf4163ff67d2bb2d06e01aa5c
Instruction ID: 69a5372b8539e800b32efc8e0de974230456f6cef3e18253c3341e1c9ac6a54c
Opcode Fuzzy Hash: 6c880fbfdaf5f1649b9dcee761da22576dc8b35cf4163ff67d2bb2d06e01aa5c
Instruction Fuzzy Hash: E6411771A04158DFDB81DBA8D4808ADFFB2FF8431471585AAE54ADB222C730EC01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 014D0690 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223c36af9bcc3197e35455fcee53ff6085e1ca4877f3fa4afac5de7bb00f2cc8
Instruction ID: 7af7925be792a9d6dea35d50603db34be25de1a76d3ab336e4faa31749487323
Opcode Fuzzy Hash: 223c36af9bcc3197e35455fcee53ff6085e1ca4877f3fa4afac5de7bb00f2cc8
Instruction Fuzzy Hash: 48418030612205CBE7257B34F85C66E3B66FF90605B25842AF507CB268DF709C438BA2

Uniqueness

Uniqueness Score: -1.00%

Function 014D6EA0 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1373bc5e628777cc89ec87d0ce444e40a2b039f83004c79fa6882383207de765
Instruction ID: 825e4ae2d7a40b10ddcbc5a2956194b912d270c6146f38c8d8cf36a99ebe50fa
Opcode Fuzzy Hash: 1373bc5e628777cc89ec87d0ce444e40a2b039f83004c79fa6882383207de765
Instruction Fuzzy Hash: 5B41BF30601210CFCB05EB76E4545AEBBF2FB9D61035440AEE94A97792DF79AC06CB52

Uniqueness

Uniqueness Score: -1.00%

Function 014D9220 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7fe76ae404d54ec27f9b23be761cf52d9a653b0123fef85d3b74834be81372d
Instruction ID: 5b5f2dec9ca1d47c6379be4a1764a6ea122325fd6e456fecfd8ed4e3d20b0d6b
Opcode Fuzzy Hash: f7fe76ae404d54ec27f9b23be761cf52d9a653b0123fef85d3b74834be81372d
Instruction Fuzzy Hash: 38412A3020D351CFCF029B68D4A85797FF5AF42318B0589ABD486CB672CB759C06C752

Uniqueness

Uniqueness Score: -1.00%

Function 014D6EB0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4842dc62435a04ed3c9fcf49d1488d99778b2bf5df2cf123afc9b27f8bc0f1a
Instruction ID: cf5a64b47764bf690982a8e43135759d07a425f66179d73e51a09e95f6d9f57c
Opcode Fuzzy Hash: f4842dc62435a04ed3c9fcf49d1488d99778b2bf5df2cf123afc9b27f8bc0f1a
Instruction Fuzzy Hash: 7941C234701210CFCB05EB76D05456EBBF2FB9C61035440AEE94A97792DF79AC02CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06870498 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a54f3f4cb6d97f3b9ee868c483afa1f69dff358bdf811d3c394441a5f11428
Instruction ID: 718e994b1b8e4e0aa13055f77f3f652313921ae276a3c17cebec4708f7d1dbc5
Opcode Fuzzy Hash: 06a54f3f4cb6d97f3b9ee868c483afa1f69dff358bdf811d3c394441a5f11428
Instruction Fuzzy Hash: D8313672A04218AFDBA0DBBDD8405AEFBE5EB9931CB04817BD21DD7261C632D842C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 014DB098 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8291870520729755343be25faeb4ec14a2d23f527675a6fedd80006fe2208e2e
Instruction ID: 34c52fa84e8845d8865a987e2b8941cf64e5a3e2b2dd6ee28309e92f6b0eef26
Opcode Fuzzy Hash: 8291870520729755343be25faeb4ec14a2d23f527675a6fedd80006fe2208e2e
Instruction Fuzzy Hash: 0531F271B006258BCB04DBA9C8906AEFBF2FF89350B61442EE40AD7750DB34EC41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 068710C0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80498fc909b6cd9f6f4d235b17acff65a0883bfb3784504a0c6a00957a114bcb
Instruction ID: 011bfa95150231651f3c9263e6b459887634506bffb3989a971ae7d83bb45b9e
Opcode Fuzzy Hash: 80498fc909b6cd9f6f4d235b17acff65a0883bfb3784504a0c6a00957a114bcb
Instruction Fuzzy Hash: 4141F234E10208DFDB84CFA8D484A9DBBF2BF49304F28856AD955EB701D731E942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014D02DA Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593943b0dec00f72368c9a494103177919f1a9c81d7723884e60e7bf48a8784d
Instruction ID: c1eeb797df800493a179bcc92c3b619cf94c44055a21752ffa75bbe436a341c8
Opcode Fuzzy Hash: 593943b0dec00f72368c9a494103177919f1a9c81d7723884e60e7bf48a8784d
Instruction Fuzzy Hash: D3415C30A012058FDF19DB68C064BAE7BF2FF89710F15446EE506AB7A1DB71AC42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 014DEE50 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888bb8e0274bb2f08bc16d4f75d08eee31ff380b19b6f91fb0b4fe8be2a325bb
Instruction ID: 9e5d2fe86b2ae5b79e7271b6e6f69f4423d4a8adeb20c53f0ebaec17ef52db64
Opcode Fuzzy Hash: 888bb8e0274bb2f08bc16d4f75d08eee31ff380b19b6f91fb0b4fe8be2a325bb
Instruction Fuzzy Hash: 1C31A432A00115DFDF15DF68D8648AEB7B2BF89315B05046EE906BF260DB75AC06CB92

Uniqueness

Uniqueness Score: -1.00%

Function 06870BF0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3fb03b6c7bd0ea99919359574dfbf5427f861d409a81ad36ec078886cbb02f7
Instruction ID: fc660f0f8a75724a6135ce978e60bcbca1393de84d16b1b2256bcc9402a3408b
Opcode Fuzzy Hash: c3fb03b6c7bd0ea99919359574dfbf5427f861d409a81ad36ec078886cbb02f7
Instruction Fuzzy Hash: 0B318E70A005199BDB49EF65D4909AEF7B3BFC43047648529E80AEF305DB30ED02CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 014DE1FB Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42b312b2b9544a32cff103dd253f40d9a88285034b12db9e01c3c171b25d19b
Instruction ID: 057eaf94b36c3cdb5222f7d6bdd0ba8b901735eb24d7c9197b9d5b6caa9eab73
Opcode Fuzzy Hash: c42b312b2b9544a32cff103dd253f40d9a88285034b12db9e01c3c171b25d19b
Instruction Fuzzy Hash: 13316C31A00204DFCF55DFA8C5546AEFBF1BB88314F14816AD40AAB355DB34AD42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 014D1292 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34ccb0128e4d50c7a016357b97cee7922b783188a906542e4e541e5d0e98e11
Instruction ID: 655cf755dce6560c823e1ae2f3650c881f624949beabc4b5b4158b109b72a50f
Opcode Fuzzy Hash: d34ccb0128e4d50c7a016357b97cee7922b783188a906542e4e541e5d0e98e11
Instruction Fuzzy Hash: 0F411630A04219CFDB64DF64D894BADBBB2BF49304F0040AAD80EAB361DB349D86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 014DE311 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c92559a71159737e779b24d1828744dc0c677e938cc0f5f61a1b1dac2b5fe4
Instruction ID: 42e3515287713729f10f62efc337ebab4407c155e7006985ffbd038054e859b6
Opcode Fuzzy Hash: f7c92559a71159737e779b24d1828744dc0c677e938cc0f5f61a1b1dac2b5fe4
Instruction Fuzzy Hash: 00315072A00219DFCF05DFA4D9549AEBBB7BF84304B11446AEA0ABF261DB319D06CB51

Uniqueness

Uniqueness Score: -1.00%

Function 014D0006 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fb17c4b9d05f72396c809db4c09d80c30449f6b114e2156757c379cc0afa5f
Instruction ID: fe34d5a7380e754e5407583a85b12cba46167255e2ba0b49677ae598495ba8f2
Opcode Fuzzy Hash: a1fb17c4b9d05f72396c809db4c09d80c30449f6b114e2156757c379cc0afa5f
Instruction Fuzzy Hash: 7331687050E3C69FCB17AB74A8244AD3FB1FE42218B0945DFE481CB1A7D6798D4AC722

Uniqueness

Uniqueness Score: -1.00%

Function 014DEE41 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a21871c2022ba37103b00278ffa3a16329e29f320f495308f20e683d5ba7b4db
Instruction ID: 758b387151b5e9b1351ee740b5abc88a21d3caeb0aa7c5a70c942979f39467a7
Opcode Fuzzy Hash: a21871c2022ba37103b00278ffa3a16329e29f320f495308f20e683d5ba7b4db
Instruction Fuzzy Hash: 8831D832900115EFDF01DBA4D8549AEBBB2BF98310B05056AE906BF260DF71A806C792

Uniqueness

Uniqueness Score: -1.00%

Function 014D43C0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 247404856bce308e97b3ffb31224271f004d10319c17b2c58a0d4cd0c907ad6f
Instruction ID: 923e4e65c88bbcf26ab52ef78225700d7758177bd6f56ac50e9ea6ec75746829
Opcode Fuzzy Hash: 247404856bce308e97b3ffb31224271f004d10319c17b2c58a0d4cd0c907ad6f
Instruction Fuzzy Hash: 76310031500251CFDB11DF68E8588AD7BB2FF4530471880AEE1069B27ACB39AD53DF51

Uniqueness

Uniqueness Score: -1.00%

Function 014D45C8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2873c1078ee434d66168a44c5e1f65ce5e977e4d32e67467c355ad313bcd30
Instruction ID: 0f0c20afbdbf63b5818f93e78a230117fe0a2ee5fd2e8ef025d51fc0d6352282
Opcode Fuzzy Hash: 9a2873c1078ee434d66168a44c5e1f65ce5e977e4d32e67467c355ad313bcd30
Instruction Fuzzy Hash: 8621A531F0011ADBDF00DAA8DC91AFFB3B9EB88200F18413BD61ED3650E774591687A1

Uniqueness

Uniqueness Score: -1.00%

Function 06870DA0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a6f865b7a8d2d1cbfb29bd9ca541894a932951e500297f41c285b2b20ea156
Instruction ID: 71c6d67e937aa05cd926411cccccc2f2863a5f7a2c7bfdc84907841afe55f0a2
Opcode Fuzzy Hash: b4a6f865b7a8d2d1cbfb29bd9ca541894a932951e500297f41c285b2b20ea156
Instruction Fuzzy Hash: 52410CB1905B54CFE379DB2AC54576ABBE2AF84309F14C86EC29AC6A90CB75F441CB40

Uniqueness

Uniqueness Score: -1.00%

Function 014D7312 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f4fade6a0f1cc5fbccfbd8060625fb86a3c65efc2eea14c4ffe5689459b02e0
Instruction ID: 4ecb2c5bea977a192482b6454ffdb8a36bf1ee2baf3e361a543c89522d4c5c92
Opcode Fuzzy Hash: 9f4fade6a0f1cc5fbccfbd8060625fb86a3c65efc2eea14c4ffe5689459b02e0
Instruction Fuzzy Hash: 04315E31E0021A8BCF04DBBAC4644AEB7F2EF84314B14856ED919AB365DB35AC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D50E0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8333b1be60894a216022a7a59c199b40d71fdab84a744185f3b49955102b3c75
Instruction ID: 097b11f3e262ec1be8bea1beae92f32f1fa02a77932ca6eff126d4a50eb3db15
Opcode Fuzzy Hash: 8333b1be60894a216022a7a59c199b40d71fdab84a744185f3b49955102b3c75
Instruction Fuzzy Hash: E9214B31E003099FDF04DBB9C4246AEBBF6AF89300F15452AD50AAF365DF70A946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 014D6CB9 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb4d909f4f98faf9784e7b5a11afa88fb10c715b1f13244bd319cb0084fbb3b3
Instruction ID: b037d156e79863238a108db34cd05346a472c55aa8b90898c4b5a74288b18286
Opcode Fuzzy Hash: eb4d909f4f98faf9784e7b5a11afa88fb10c715b1f13244bd319cb0084fbb3b3
Instruction Fuzzy Hash: 6E319E30210301CBC715EB38D0586AE7BA2FF91354394896EEA46CB395DF399D4BCB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D5B51 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 082cb3ec375bde7bb4527ce4c4a3db50af05939dd36984da523f3d057a7623d2
Instruction ID: cfa7c3112b59ad2aeb18763417d27a370ddef0fe4dd27266d14a3915b5a5860c
Opcode Fuzzy Hash: 082cb3ec375bde7bb4527ce4c4a3db50af05939dd36984da523f3d057a7623d2
Instruction Fuzzy Hash: 06219032B002059FCF58AAB984605FEB6F6AFC8620B14453FC50BEB351DE758D428BA1

Uniqueness

Uniqueness Score: -1.00%

Function 014DE767 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 351a6fe048911b93b00d19c2bc302ac99d04fd9c58765a6e4642927695482956
Instruction ID: 4b0e1e1230133560e18243a3e4e28fcbc9b45cdb6d48cb6b147a29f9cd381812
Opcode Fuzzy Hash: 351a6fe048911b93b00d19c2bc302ac99d04fd9c58765a6e4642927695482956
Instruction Fuzzy Hash: B6316E31B00305CFCB55DFA9C5956AEBBF2AF88305B50442EE906EB790DA35EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014DE011 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d94c0b24b43fbbda817a16deb5cf8a14e31e2b0f699eed264019e69d291480b
Instruction ID: 65e7222026d64cd9a16d8bf0d122b36642266f72d29ac0e4f5e9d0298d7d75f1
Opcode Fuzzy Hash: 6d94c0b24b43fbbda817a16deb5cf8a14e31e2b0f699eed264019e69d291480b
Instruction Fuzzy Hash: 3E316A302106018BC76AAB78C09066A77E3BFC57047A88D6DD0869F794DE7AED078BC0

Uniqueness

Uniqueness Score: -1.00%

Function 014D43D0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2012bbf0c95e826deffd33133ff6fcea5d31478b0228e694504426bc1340329
Instruction ID: 1a062827e7aae9c92026afc7bed78379465f94fbb98088153979179792d9e8f9
Opcode Fuzzy Hash: f2012bbf0c95e826deffd33133ff6fcea5d31478b0228e694504426bc1340329
Instruction Fuzzy Hash: 9F31D131600215CFDB11EF68E8588AD7BB2FF44304718806EE6069B27ACB35AD57DF51

Uniqueness

Uniqueness Score: -1.00%

Function 014D87A0 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c448ea7e4bf24ab13a0a514a2475fdfdbd151d783287e5978470557c2cffc9
Instruction ID: a71d572281d3e2625cc2e7846ee093deea3f413b864f47790b16c3ee49a81d93
Opcode Fuzzy Hash: b1c448ea7e4bf24ab13a0a514a2475fdfdbd151d783287e5978470557c2cffc9
Instruction Fuzzy Hash: 3D314F30D0834ADFDB55CBA5D5666BE7BB1FF01304F1540ABE4029B261D7399A42CB52

Uniqueness

Uniqueness Score: -1.00%

Function 014D8618 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a801174f87c49740e23d65d96bf6a520ebfa795711c9007312a7262a31a4703f
Instruction ID: 34c05f6e9a04c96686186baf6b8596436593f70fe77ace3b43bb81945b1b2381
Opcode Fuzzy Hash: a801174f87c49740e23d65d96bf6a520ebfa795711c9007312a7262a31a4703f
Instruction Fuzzy Hash: 7B318130614301CFCB45EB78E46453D7BA2EB84221716846EE90BDB3A5DF389C43CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06871049 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef8476b3e57754e91115e0a31555086bf65708aac871e52c655b4280962ceef
Instruction ID: f62e79cda493a5544e46f1cbd225c92be0c2b8bf22747e04e82a3aa431dc9204
Opcode Fuzzy Hash: 4ef8476b3e57754e91115e0a31555086bf65708aac871e52c655b4280962ceef
Instruction Fuzzy Hash: B7317C70A012058BEB15DBB9D0546AEB7A2BB98304F54816EC51ADB395DF34EC06CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0687103D Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef8476b3e57754e91115e0a31555086bf65708aac871e52c655b4280962ceef
Instruction ID: f62e79cda493a5544e46f1cbd225c92be0c2b8bf22747e04e82a3aa431dc9204
Opcode Fuzzy Hash: 4ef8476b3e57754e91115e0a31555086bf65708aac871e52c655b4280962ceef
Instruction Fuzzy Hash: B7317C70A012058BEB15DBB9D0546AEB7A2BB98304F54816EC51ADB395DF34EC06CB82

Uniqueness

Uniqueness Score: -1.00%

Function 014D55E8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60daf97c73d70fcb5b541f522089ff7d3692b8a2e46dbd884e36388ba6da297c
Instruction ID: 406df44909d888a22748fdbc764294699857ed86d51147fd44895f28dbc87ebc
Opcode Fuzzy Hash: 60daf97c73d70fcb5b541f522089ff7d3692b8a2e46dbd884e36388ba6da297c
Instruction Fuzzy Hash: C121D830B002059FDF149F79D4647EE7AF6AB88710F14007AE50AEF3A1DEB14D428B91

Uniqueness

Uniqueness Score: -1.00%

Function 014DF057 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0e5d05582b62cd1e2e946a2c523b1facd3899723e0dfa9c9924cfb6fccd76e
Instruction ID: 50a8f1a14c68ca2741a35b70df70f84b8357e4b18c2ddadf01cc8bcb90a5755b
Opcode Fuzzy Hash: 3f0e5d05582b62cd1e2e946a2c523b1facd3899723e0dfa9c9924cfb6fccd76e
Instruction Fuzzy Hash: BF314B34900208EFDB15DFB8D850AEEFBF6EF8D300F50802AD505AB261DB355A56CB61

Uniqueness

Uniqueness Score: -1.00%

Function 014D2C58 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031d2058f6a9b24c9257d7dfa6de704ba47997ead282fb3f81fed75fa6b3eee8
Instruction ID: 35896d3d7dfb64204de5ada647fa0c76145d9c1e630079903a5d198a89a345d9
Opcode Fuzzy Hash: 031d2058f6a9b24c9257d7dfa6de704ba47997ead282fb3f81fed75fa6b3eee8
Instruction Fuzzy Hash: 0C213430609242DFCF158BB8D4A8D39BBE5FF82614B1442ABD056CB2B2C7B58C43C752

Uniqueness

Uniqueness Score: -1.00%

Function 02FC0844 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.542044022.0000000002FC0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fc0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a638eefd17cbde626e4ecea99522b8fc12ec93e777189bddc8a37c34b7e3a3
Instruction ID: 619275330404334819a9874e16d527919f676428b349a8e498f12d2211544d4f
Opcode Fuzzy Hash: 08a638eefd17cbde626e4ecea99522b8fc12ec93e777189bddc8a37c34b7e3a3
Instruction Fuzzy Hash: E931D1715493C09FD302CB14D950B25BFB1EF86214F28C5EED8888B663C73AA816DB92

Uniqueness

Uniqueness Score: -1.00%

Function 014DAA90 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084157d1dd835ae289dc700af22cee9c17986e04e48dfaba985a467308659ec1
Instruction ID: bf488f5b8fee572a151081206da071c9d3cfef3e9f17d639fe5536a8f31e56b5
Opcode Fuzzy Hash: 084157d1dd835ae289dc700af22cee9c17986e04e48dfaba985a467308659ec1
Instruction Fuzzy Hash: B0219530B00219DFCF14EF74D9509AFB7B2FB88610F24892AD102AB390EB70AD06C791

Uniqueness

Uniqueness Score: -1.00%

Function 014D5B60 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b648c1ee2760a3b99265807b6f367042fa0279630a1426b2ca48c34ea042126d
Instruction ID: 0e0af5dcd32730676e13f173078f9e555c19197be2f78b1001f9ea1d9dec6179
Opcode Fuzzy Hash: b648c1ee2760a3b99265807b6f367042fa0279630a1426b2ca48c34ea042126d
Instruction Fuzzy Hash: 0E219331B042059BCF18AB7984605BFB6F6AFC8610F54453BD50BEB351DE35CD428BA1

Uniqueness

Uniqueness Score: -1.00%

Function 014D5830 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c77c6996ef33f5988796b8a86ea1b1043b383f7bbc006e4c8373e4c77a081d
Instruction ID: 0c36a77df1b3a0ff9db1648118a0c0530128de7ff85431ca60a66bfa702acbd4
Opcode Fuzzy Hash: 93c77c6996ef33f5988796b8a86ea1b1043b383f7bbc006e4c8373e4c77a081d
Instruction Fuzzy Hash: 0621A131B042059FCF18A7BA986057FBBF6AFEA210B54457FD006DF2A2DD758C0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 014DED40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc7dbfb635a43525a4f9326e5f7d34563d2e22703e2f3da74481b8e887ca2bc
Instruction ID: fea281b812053f312d8e9ca8a2efe5845f33bd42bee104dc0c64641e6f3fd88f
Opcode Fuzzy Hash: 1dc7dbfb635a43525a4f9326e5f7d34563d2e22703e2f3da74481b8e887ca2bc
Instruction Fuzzy Hash: 70217C30A05216CFCF55CB6D84106AABBF2BF88214F18807AD449EF361EB319943CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D21E8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfbad662f0fbc9c7b19307b8f8d228745a4ddccb447a7de533135329620804db
Instruction ID: 63426c0828e7b94aff68d76602e2fff89a3649b9bf0556379b4f0e1aa3d6d61a
Opcode Fuzzy Hash: dfbad662f0fbc9c7b19307b8f8d228745a4ddccb447a7de533135329620804db
Instruction Fuzzy Hash: 6F312B30D0920ADFDF55DBB4C064ABEBBB1FF45300F1040ABE542972A5D6B59E46CB52

Uniqueness

Uniqueness Score: -1.00%

Function 014D25DE Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81dfdd576a57c3f826fdc6c1280e7149ca60ea76648de1d155c1c82af29ab81a
Instruction ID: 3d641a075d54267fd81b5fad400be17e79cf2faed3221a9ffcbdea9535f63a0e
Opcode Fuzzy Hash: 81dfdd576a57c3f826fdc6c1280e7149ca60ea76648de1d155c1c82af29ab81a
Instruction Fuzzy Hash: 94314030A05349CBDB61CF65D454A9EBBF1FF84714F14C56EC009AB269DBB4984ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 014D8C0E Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade5cbb261ea87aa20559e2b592dc9401afc23bb30c4288b17e662ad1342b128
Instruction ID: e70669a362a0864c1130a350f77a61cbbd6855e0b73440b64eddfa0e4b26e3fd
Opcode Fuzzy Hash: ade5cbb261ea87aa20559e2b592dc9401afc23bb30c4288b17e662ad1342b128
Instruction Fuzzy Hash: B3316B30A1034ACFDF61DF69C45565EFBE2BF44308F14856ED4069B265DB78A886CB41

Uniqueness

Uniqueness Score: -1.00%

Function 014DDEA7 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbfad7845dfeb770d7c298c156e0750e7ecf3012873d238e751057742191e87
Instruction ID: bd3ff9c82a9cb0eb038e781a3a5cb6e4a0595a3803207971b00dc1dd4d91f0ad
Opcode Fuzzy Hash: 8bbfad7845dfeb770d7c298c156e0750e7ecf3012873d238e751057742191e87
Instruction Fuzzy Hash: C9218C31B14214CBCF16DBA8D4203BEBBE2AF88215F1444BFE846DB391DB35AD468791

Uniqueness

Uniqueness Score: -1.00%

Function 014DD391 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a13f0703d545c759418780507ece7a05da029b01bc2bf1b0ac6cc448a9911c
Instruction ID: 4874ca267630bea9347799d3ea80c539ce1e5b941b215c0371f34d9d10cdc430
Opcode Fuzzy Hash: d2a13f0703d545c759418780507ece7a05da029b01bc2bf1b0ac6cc448a9911c
Instruction Fuzzy Hash: 3D312C70611301CFCB499F68D11455A7BA1FB5931876488ADE90ADF396DF36AD0BCB80

Uniqueness

Uniqueness Score: -1.00%

Function 014D75D8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fcbca5b1ff0660b00ed2c40291856ec826ae4cd78e73f63328166e883f96f26
Instruction ID: 4e143ffe2843a872fba19263149dd53c93c46f1633c1e008b0caf1d8ec4fee39
Opcode Fuzzy Hash: 3fcbca5b1ff0660b00ed2c40291856ec826ae4cd78e73f63328166e883f96f26
Instruction Fuzzy Hash: 73113D3170821087CF26566C9870E7E7B966BC4636764462FD60ECB3A5FE348D0343A3

Uniqueness

Uniqueness Score: -1.00%

Function 014D5840 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 465b8d85b23f28bc675727c4600fefb2c335dabed03252f521b227a8631783ed
Instruction ID: e0408b58501a7751e0388391949e5bd1dbebef4966bd770f8237daabc5c02c32
Opcode Fuzzy Hash: 465b8d85b23f28bc675727c4600fefb2c335dabed03252f521b227a8631783ed
Instruction Fuzzy Hash: 7C119D317101169BCF18A7BA986097FB7FAAFE9214B90453FE0179F3A1DD709C0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 014DFC9E Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c94d887162ebf3daeb58983c2776fc44fb0ffcf3f646ead98b197f9658b68e95
Instruction ID: 1f318bd227321d11e551560157c7f24e8ae30ec8b3e336d73801dfa29a909acd
Opcode Fuzzy Hash: c94d887162ebf3daeb58983c2776fc44fb0ffcf3f646ead98b197f9658b68e95
Instruction Fuzzy Hash: 5931C5396002048FDB10DFA8C590EAEBBF2FF88324F164595DA01AB362D735EC86CB50

Uniqueness

Uniqueness Score: -1.00%

Function 014DAA80 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b20d3f32ad53274a88c223e9cfe4bc6a58121a471a30a7a8769ebf4d757ae7
Instruction ID: 37ffbd7a5c74fc945bad5c9fd949bc10514e815d55adacb2ce2bf5f2bb919d57
Opcode Fuzzy Hash: b8b20d3f32ad53274a88c223e9cfe4bc6a58121a471a30a7a8769ebf4d757ae7
Instruction Fuzzy Hash: 3A11B430B00215CFCF24EE74D951AAFB7A2EB84610F24492AE502DB390EB749D068792

Uniqueness

Uniqueness Score: -1.00%

Function 014DB088 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b18c64f006bc8a2e107efcf770be5ae868f54457b95edfbd917b153689203fe
Instruction ID: 684374d1418d999accea482c7be944b9d5c45e50350967d8d7ecd3a686c6777a
Opcode Fuzzy Hash: 9b18c64f006bc8a2e107efcf770be5ae868f54457b95edfbd917b153689203fe
Instruction Fuzzy Hash: 4321C6B2E00226CFCB04CFA9D8545AEFBF1FB89210B11812BE855E3350D7349D05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014DE610 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0cda165b006fa7671d0cf320b49a811025689e1d296b50d24c21dee9e5514b
Instruction ID: 58760a7f7171decfa841099ec0738c6924482f0fabe62b5878dce1c030ac0453
Opcode Fuzzy Hash: ab0cda165b006fa7671d0cf320b49a811025689e1d296b50d24c21dee9e5514b
Instruction Fuzzy Hash: 9B218E70A04104DFCF54DF68C560ABEBBF5EB98610B94806BE40EFB260D731AE02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D5000 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0784653a67bcc6d8efc9d2c31eeba4720a33a0a70ada0a932a45c26898e8eff
Instruction ID: 1ffe4065e8bac342e9d5d3f4418849c212cbee6dd6a85cc887c00ca40ef7bc5c
Opcode Fuzzy Hash: d0784653a67bcc6d8efc9d2c31eeba4720a33a0a70ada0a932a45c26898e8eff
Instruction Fuzzy Hash: 4011AF71A001168FCF46EBB9946067E76B1EB84204B55407AC90AEB395EF309D03CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 014D50D0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef052dbf779e0af78e9f24b9cc4be453b124884711a63691e22b2e8f86e0afa
Instruction ID: d91bd0eadb271617ceec4e71968b754095c4eeb5e51fba18eebd5150d0dcc6f6
Opcode Fuzzy Hash: 0ef052dbf779e0af78e9f24b9cc4be453b124884711a63691e22b2e8f86e0afa
Instruction Fuzzy Hash: 88112B71D003099FDF01CFA9C8146EEBBB2AF85314F21452AD509BF265EB74698ACB80

Uniqueness

Uniqueness Score: -1.00%

Function 014D48C8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21f06b5352b67d5c184318fbb6e180b7d786cfa9aec50987bbc5e51e3553cc9e
Instruction ID: 2239df5de6d13af15783e61c9970e4a33239d9b95c3230709f55256a3816e1c3
Opcode Fuzzy Hash: 21f06b5352b67d5c184318fbb6e180b7d786cfa9aec50987bbc5e51e3553cc9e
Instruction Fuzzy Hash: 20110232F0515AABCF44DAB5C8608FEB7BBAFC4610B48402AD906B7690DE301E0787A1

Uniqueness

Uniqueness Score: -1.00%

Function 014D48B8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebe23105bc15158ebcac1c1602f61b7bfd73037e87033705cc1243c370e38c2a
Instruction ID: bb104a06f6b8d002ae18fbe55a74ddeba890b8b9687e0d33ac20f4952579f1fc
Opcode Fuzzy Hash: ebe23105bc15158ebcac1c1602f61b7bfd73037e87033705cc1243c370e38c2a
Instruction Fuzzy Hash: 5211C632B0525A9BCF45DEB5D8604EEB7B6EFC6220B08406BD506B7660DE345E078B91

Uniqueness

Uniqueness Score: -1.00%

Function 014DB223 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f70032c87d87b0a7362ca56eb2d1556dc838b1e0d9d3f184305bf8655e9e9dd3
Instruction ID: 385cd7382f6b392dfd0bc4af110e0af1f7d7c775d63217e68f888eee2a078f22
Opcode Fuzzy Hash: f70032c87d87b0a7362ca56eb2d1556dc838b1e0d9d3f184305bf8655e9e9dd3
Instruction Fuzzy Hash: 03115C332092949FCB16576D9814A6F7F65EBC3660B4A40BFE8048B652DE346D05C3A6

Uniqueness

Uniqueness Score: -1.00%

Function 068702C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896933efb3b823dbabc7449785f10ddd76f001a4a1e0c9943ee077d530c1fb1d
Instruction ID: 2b370ae4ce1922cd6244fb787ab64b21ef390033c7b4c134f05ac408eb12cc9e
Opcode Fuzzy Hash: 896933efb3b823dbabc7449785f10ddd76f001a4a1e0c9943ee077d530c1fb1d
Instruction Fuzzy Hash: 8E110A76801118EFCF068F90EC09CA9BFB6FF49310B068495F615AB032C736D529EB52

Uniqueness

Uniqueness Score: -1.00%

Function 014D4520 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc55ed6e73abd6446c9ccd42e052be6fe57da27bd98853aeb38e76b39eec5f92
Instruction ID: 5667d4f5a46d548fa628b1dae41967f19069f49db6a0488281a36eb883876311
Opcode Fuzzy Hash: bc55ed6e73abd6446c9ccd42e052be6fe57da27bd98853aeb38e76b39eec5f92
Instruction Fuzzy Hash: F001C432E0411587DF04DA69D4202EFB7A69FC6221F48403FAE06ABB50DE719D4687D1

Uniqueness

Uniqueness Score: -1.00%

Function 014DC8C8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1817018e760bbaed87be535a0bbb2dcae3219b105753d7f097daef5ea8a792b6
Instruction ID: 98044dc2eaef44412f30aea30269d10612747ce97b81bf1c2fe22071da351b72
Opcode Fuzzy Hash: 1817018e760bbaed87be535a0bbb2dcae3219b105753d7f097daef5ea8a792b6
Instruction Fuzzy Hash: 89114F31704015ABCB58AB69D4A4A6E77E7ABD971071480AEE40A9B365CF31AC03C795

Uniqueness

Uniqueness Score: -1.00%

Function 014D0B18 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2cfd7fac0abb737853e5630bae40558164fce9e25368e15907fe57c2e0111d4
Instruction ID: 7e8b4c3587db78cc87e896abd22f4033ba85e8270f7e8236ab375367f29f8964
Opcode Fuzzy Hash: a2cfd7fac0abb737853e5630bae40558164fce9e25368e15907fe57c2e0111d4
Instruction Fuzzy Hash: AD11C430F6C256EACF246DF4983477F72A99B44A8CF10446BB943EB6A0DA70C902C791

Uniqueness

Uniqueness Score: -1.00%

Function 014D5730 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cc78cb09803e7e04fc762b1776fff65d2abadb7251761ec0ae559b7f0c9077
Instruction ID: 7b3667e073f99cfa1c450ff9fa661edf728e1f1d6a4994c97c7a516543022f62
Opcode Fuzzy Hash: c9cc78cb09803e7e04fc762b1776fff65d2abadb7251761ec0ae559b7f0c9077
Instruction Fuzzy Hash: 6711BF30A04206CFEB04DFB4E8516AE7BB5EF85254F20012FD605DA255EB399C43CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014DFA30 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 841f979690875419551fcfd86e4d2e33f79e4e9860f663140cebcedca6434f6c
Instruction ID: 79827da80ffafaf02b8935f20dc99800a3ffd3eb8fb8a984e384986d6b12f15e
Opcode Fuzzy Hash: 841f979690875419551fcfd86e4d2e33f79e4e9860f663140cebcedca6434f6c
Instruction Fuzzy Hash: 2211D030A04309CBDF359BA4D4647AFBBB1AB88318F14042FC507A7361CA75594BCB91

Uniqueness

Uniqueness Score: -1.00%

Function 014DC9F8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeeb5284e4185e1152463296b76dee00cd8f1da0bc617310851b1ee3fcbfca09
Instruction ID: 01a3cb272f33757d5de1c5843d93c9dceb7c62cbb11554829b693b6708d494f3
Opcode Fuzzy Hash: eeeb5284e4185e1152463296b76dee00cd8f1da0bc617310851b1ee3fcbfca09
Instruction Fuzzy Hash: 1F11C430318241CBCA19EB78D1A063EBB939FE1254794885E954BDB7E0DE36EC07C752

Uniqueness

Uniqueness Score: -1.00%

Function 02FC087C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.542044022.0000000002FC0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fc0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4806db3f46a9efca6d42b7c5a37f4a3cd79e97b074ac381f4808df843a58020f
Instruction ID: d46bb3ec69f8cd168944c17ca9cecaaa5303749071a8394e312f007ca0a02c6f
Opcode Fuzzy Hash: 4806db3f46a9efca6d42b7c5a37f4a3cd79e97b074ac381f4808df843a58020f
Instruction Fuzzy Hash: 7B11E735608281DFD715CB14CA40F26BB91AB88708F34C59CEA494B792CB7BD403CA91

Uniqueness

Uniqueness Score: -1.00%

Function 014D7BA9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecbd708e5b5c23390f2961e6d7365827dda15673e903449df93cc076f87e23e2
Instruction ID: c36d80e283096e8e9bed43ce76252c1cc82052bab28d395e2d24e5ec4c702f78
Opcode Fuzzy Hash: ecbd708e5b5c23390f2961e6d7365827dda15673e903449df93cc076f87e23e2
Instruction Fuzzy Hash: A211DD319042049FEF12CFA8D8146EEBBF1EB49319F1040BBC602AB2A1D7355D4ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 014DE601 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e2cd2856ff51e9d03340684d6401d943992b9072d3ff8e2f8aaa7d7eadaa19a
Instruction ID: 06dfe450b99b4d635c81daf5b3fe41d7bc1f0125d0b6874dc297abceb891d818
Opcode Fuzzy Hash: 8e2cd2856ff51e9d03340684d6401d943992b9072d3ff8e2f8aaa7d7eadaa19a
Instruction Fuzzy Hash: 00119075A04104CFCF54CF98C660ABEBBF4EB58214B94805BE40EFB261D330AA02CF91

Uniqueness

Uniqueness Score: -1.00%

Function 068702D0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ee522a895f0c4029e23ea4533e9e78da43c9d46af1fa474d7d0298e09425f9
Instruction ID: 6699bf2693f47e072e62cd65df16f8689a6e90c116c534a7e65e8660e2fe3ab8
Opcode Fuzzy Hash: 60ee522a895f0c4029e23ea4533e9e78da43c9d46af1fa474d7d0298e09425f9
Instruction Fuzzy Hash: F211E676800118EFCF068F80D809CA9BFB6FF49310B068495F615AB032C736D525EF92

Uniqueness

Uniqueness Score: -1.00%

Function 014D2390 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8d1946918a365d5c64d990c965f86e91c5f8daa4187b4c09cfbf728fadf3aa5
Instruction ID: 453f81450342a1a02311b3950ad77d6425dc594e7f43c0ad22638de5fe32c575
Opcode Fuzzy Hash: e8d1946918a365d5c64d990c965f86e91c5f8daa4187b4c09cfbf728fadf3aa5
Instruction Fuzzy Hash: 7011887091825ACBCB248FA4C960AAE7BB4FB45304F00406FC642E6361DBB44983CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 014DDD18 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7009c2c18a08f4a0f7c87291a8e625e5bab50d7ca2c9981a5716bc86f9792d1
Instruction ID: bcfcf1038f950b527c0239efaff7c01afb514a513514ddf7c6ab77d3315ea0ac
Opcode Fuzzy Hash: f7009c2c18a08f4a0f7c87291a8e625e5bab50d7ca2c9981a5716bc86f9792d1
Instruction Fuzzy Hash: 4401C031B052219FCF1527B9A82857F7BAAFFD9224755443EE40AD7292DD358C0287A1

Uniqueness

Uniqueness Score: -1.00%

Function 014D4510 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2066de5aba601a20f182e0b8025834554dff14c1ff79af843370b9bb9737541e
Instruction ID: 5e43019f39b1c3c229f167b8ed765f9f072f11367513f306947203dd6531f10d
Opcode Fuzzy Hash: 2066de5aba601a20f182e0b8025834554dff14c1ff79af843370b9bb9737541e
Instruction Fuzzy Hash: 72014931E082019BCF048A7984301BF77E69FC6220B48407FEA42D7BA1DE758C0687D1

Uniqueness

Uniqueness Score: -1.00%

Function 014DC5E8 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57247423461d7d77e5843b7ddd3d6eaba78d256ba81426c021534fe19b0599b6
Instruction ID: 1e69f523738fe4b270bf5f249ed7b7515e533297dc9ee9c0d9188e03134cc8dd
Opcode Fuzzy Hash: 57247423461d7d77e5843b7ddd3d6eaba78d256ba81426c021534fe19b0599b6
Instruction Fuzzy Hash: 9411A030710210DFE7459B38A05472E37ABEBD9621F0604ADEA0AD7395DE78AC46C794

Uniqueness

Uniqueness Score: -1.00%

Function 014D4FF0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189eff78ed6779b965fdcf7c35ff9b7ecd567452d2668a14c5004243508c5807
Instruction ID: b764f9dd34632ff7be951c490ea682c3e694c641da66e9e47f307470d0775b13
Opcode Fuzzy Hash: 189eff78ed6779b965fdcf7c35ff9b7ecd567452d2668a14c5004243508c5807
Instruction Fuzzy Hash: D101C471E142068FCF51DAB898516FE77F4EB85110B44412BC60AEB251EF3449438BD6

Uniqueness

Uniqueness Score: -1.00%

Function 014D54F8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df55d8aa468788202e396b64315e21bd400a69ef93bf26fa3043a6c9ce4a410c
Instruction ID: 31fe4e2d385320df0d7e8a38f8cb23dec07a7ce05623d507f663955267b589da
Opcode Fuzzy Hash: df55d8aa468788202e396b64315e21bd400a69ef93bf26fa3043a6c9ce4a410c
Instruction Fuzzy Hash: AA118F30A11205CFDB55EFB8E8655EE7BB2FB88314F50442FD20ACB265DB395942CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D11DF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97abc9684b25eb469966754944dc3cd61c1a27b83626d6cf0ca723b950b2b58b
Instruction ID: 124ad0a509ba6cebdf848835c20eeeee3ada451f623704382c12f868fb7c16c8
Opcode Fuzzy Hash: 97abc9684b25eb469966754944dc3cd61c1a27b83626d6cf0ca723b950b2b58b
Instruction Fuzzy Hash: 5D11A130708290CFCB069B28D06886D7FF6BF96A1071540EFE546CB272CB7A4C0ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 014D4788 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc82f0beea49326f22b140ce54138268b1ead8d73695da088d11612b040a5c5b
Instruction ID: 5d9c7d8cccf37821b8354de4f053fd67644a5bc03f64dfa70da744b2f2f1ed9b
Opcode Fuzzy Hash: bc82f0beea49326f22b140ce54138268b1ead8d73695da088d11612b040a5c5b
Instruction Fuzzy Hash: CB018471F0020A8FCB94EFB884402EE7BE6EB89314F20443AC14EE7240EA354943DB92

Uniqueness

Uniqueness Score: -1.00%

Function 014DC5DB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 221ffcc510afad087e59ca1565b5a1375695c4012c1bd8bc4abd2523a14bb6aa
Instruction ID: e97ec1529e97f442fe906b3d44f09066d202a24d215f1aed716455ad7f4cba26
Opcode Fuzzy Hash: 221ffcc510afad087e59ca1565b5a1375695c4012c1bd8bc4abd2523a14bb6aa
Instruction Fuzzy Hash: 3611C4303103509FE7069B3CE0957693BA6EB89611F0504ADE90AC73A2CE38AC86C754

Uniqueness

Uniqueness Score: -1.00%

Function 014D7B10 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7670b3abcf09076d42298fdf63523f952f72bd666f865fb2c72bd57c99fe8180
Instruction ID: b4216f66802b82d7ee01d3067463f2ab52614ed138e5dcdd1d569060ae50917b
Opcode Fuzzy Hash: 7670b3abcf09076d42298fdf63523f952f72bd666f865fb2c72bd57c99fe8180
Instruction Fuzzy Hash: 0E018030A042058FDF148B54C4A4ABF7BF1AB8531EF24446FC216AB3A1CB755D038B80

Uniqueness

Uniqueness Score: -1.00%

Function 014DDD28 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce8862da30b4d68f82e0267c7191e52d1ba44b8f15fcc3f5201867dc3b10bb4
Instruction ID: 8da3dab4a7a0b46d6ca92f616747caaa6436004059403668b67c3638ad178351
Opcode Fuzzy Hash: 9ce8862da30b4d68f82e0267c7191e52d1ba44b8f15fcc3f5201867dc3b10bb4
Instruction Fuzzy Hash: F201D631B01225DBCF2427BAA81852FBAAAFFD8224750443EE40AD7791DD35DC0283A1

Uniqueness

Uniqueness Score: -1.00%

Function 014DA997 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29d96792bcbf8ac2f80c8979fc9a5677a89f32011b6e5796632cb7970b68f9af
Instruction ID: 0c3cb7ad9610fb807339e82cc530b93358b57de21b81a48cb28e2040533bd82f
Opcode Fuzzy Hash: 29d96792bcbf8ac2f80c8979fc9a5677a89f32011b6e5796632cb7970b68f9af
Instruction Fuzzy Hash: 0601AD34A04205CFDB149B54C565BBF7BF1AB44210F2208AFC052A7261CBB89E43CB81

Uniqueness

Uniqueness Score: -1.00%

Function 014DA9A8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a063fc2bbc2b7ecc9f7c63e9bdced41c7e60e8a8083acb432f53e847b62174fa
Instruction ID: c33d38859269a5d43e0228ff7320d7cedee9ca01f8484de874870c4df4959705
Opcode Fuzzy Hash: a063fc2bbc2b7ecc9f7c63e9bdced41c7e60e8a8083acb432f53e847b62174fa
Instruction Fuzzy Hash: 6001F135A041049BCF249A58C921BBFBBF1AB84210F3149AFC116A7351CB756E02C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 014D05BA Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb6b463b3253702b5cb27861c7327e59be8d7afedbee8055c4f94e7df5a5fa1
Instruction ID: d6316022826e5c84bccdbe756552a77bd1e61142cf362d1295f02e2142fd94c6
Opcode Fuzzy Hash: 6cb6b463b3253702b5cb27861c7327e59be8d7afedbee8055c4f94e7df5a5fa1
Instruction Fuzzy Hash: A101F4603042100FC60A6A7D64215BF2E8BEBC5914B24406FE54ADB3D5DEB9AC0343E7

Uniqueness

Uniqueness Score: -1.00%

Function 014D5740 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b44d645664bc9de179dfc42c01a7fa2a35ef5fc9d692dc17ff7850e2f54da150
Instruction ID: 16b8225a7051bcc4139b82eb4fc05cd415bf8e35a2445e107e635d15e166bae6
Opcode Fuzzy Hash: b44d645664bc9de179dfc42c01a7fa2a35ef5fc9d692dc17ff7850e2f54da150
Instruction Fuzzy Hash: 6D116130A0020ACFEB14DFB5E5516AE7BB6FF44244F60412FD605AB255EB359D43CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D7B20 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce3898fa1af2c4ffeaaea0d6daeeeb80d43a7998b2fbb48c3bc810ed35e0187c
Instruction ID: 8839809eee1c229734662736e8d0eff61e2d8bdaea968554e58026e3bf4ba356
Opcode Fuzzy Hash: ce3898fa1af2c4ffeaaea0d6daeeeb80d43a7998b2fbb48c3bc810ed35e0187c
Instruction Fuzzy Hash: E301B131A041089BDF148B58C8A1ABFBBF59B8571EF10446FC316AB391CB716D038BD1

Uniqueness

Uniqueness Score: -1.00%

Function 068703F8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2a4975c01cce31942aeaff9fa7f6277557839a8fe71df7932bc447735a10e86
Instruction ID: 831b5ae6a7055766c3c13706f99fe71b6e63920fbc1c50efa40528ea7283f23f
Opcode Fuzzy Hash: e2a4975c01cce31942aeaff9fa7f6277557839a8fe71df7932bc447735a10e86
Instruction Fuzzy Hash: 001170B0609348CFE3B58720A05A67D7BA1AB5220DF1440AFC582CB5A7DB78CC85D782

Uniqueness

Uniqueness Score: -1.00%

Function 014D5508 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd06106088633c4798b366221fb130727e146e48d8182668d043ee10a5ffb067
Instruction ID: 7d5d07dd04d0ef1bbcaa0e821f0c46176f808bcf3fe660ac909290a85733b10a
Opcode Fuzzy Hash: cd06106088633c4798b366221fb130727e146e48d8182668d043ee10a5ffb067
Instruction Fuzzy Hash: 9F114430A11205CFDB14EFB8E8556AE7BB6FB88304F50442FD60AD7255DB355943CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D1209 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7bc116f14dbc905d621099e348176c427fc12120d21f5b3628a6e9bd8aa9bc
Instruction ID: 251e07f2d659d0e080059a8865906ba30488b665699a85391cee419b56d80ae5
Opcode Fuzzy Hash: ba7bc116f14dbc905d621099e348176c427fc12120d21f5b3628a6e9bd8aa9bc
Instruction Fuzzy Hash: 36012C30314250CFCB459B68D06896D7BE6BFD6A1072540BFE406DB676CF7A8C0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 014DA8E8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f3fda13355953f2e83886a308e1f32d980cbbe4f62abee7914605d59b1bae4
Instruction ID: f48df7b5c1048fc6a9517819e7a4165193c11a66cb514ded5d1f6f22f2e15304
Opcode Fuzzy Hash: c9f3fda13355953f2e83886a308e1f32d980cbbe4f62abee7914605d59b1bae4
Instruction Fuzzy Hash: A0018F35A002098FDF90EBB9A8057AFBBF4EB84210F20416EDA18D3241EB3499018BD2

Uniqueness

Uniqueness Score: -1.00%

Function 068703E9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb258c1cdcb9ff20dfbb82533d26c9746dc27c49f80b6594494445c9611f3e51
Instruction ID: 7cb48928a24e1ab02c1b55b4c45f131ba2280839c636c041dc3de7306008eca2
Opcode Fuzzy Hash: bb258c1cdcb9ff20dfbb82533d26c9746dc27c49f80b6594494445c9611f3e51
Instruction Fuzzy Hash: A2019EB0609208CFE3B4C764F00A36C7BA1B76120DF24406FD586C7686DB38DC81E792

Uniqueness

Uniqueness Score: -1.00%

Function 014D05C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7358dd604195124dd42b79f5d7338b9aedb945c794b4535ee34e4794c3ab317a
Instruction ID: d43c9bec7694823552d88d4074b31bd801b4fe53f16eced329422f9190c768ea
Opcode Fuzzy Hash: 7358dd604195124dd42b79f5d7338b9aedb945c794b4535ee34e4794c3ab317a
Instruction Fuzzy Hash: A1F0B4607101200BDA097A7D64256BF6A8FEBD8944B24442FF50ADB3D4CE75AC0303E7

Uniqueness

Uniqueness Score: -1.00%

Function 014D6BE0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e1f68020d1f73e4f4243a7c2b87efa150f78807ec0c8e32534020e3b843f9c7
Instruction ID: 27d8102e45fe8dd6957b02915c64a41f3b3de7450e92fd3724462b8a404a9c7c
Opcode Fuzzy Hash: 3e1f68020d1f73e4f4243a7c2b87efa150f78807ec0c8e32534020e3b843f9c7
Instruction Fuzzy Hash: DF012871E002199FEF60DBB9A8517AEBBF4EB84610F50013FD608D3291EB309A42CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 014D4798 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b3694429860940b3139f9bf84af0edfced4872cb8798148f625391dda6717c
Instruction ID: 61b9fe10c7ab8202e3f8c6ad7b20c62fe99d552ace6aea460f447b1fd52a730d
Opcode Fuzzy Hash: 18b3694429860940b3139f9bf84af0edfced4872cb8798148f625391dda6717c
Instruction Fuzzy Hash: 9E014F71F0010A8FCB54EFB884502AF7AE6EB89244F204439C10EE7240EA355A43D7D2

Uniqueness

Uniqueness Score: -1.00%

Function 014DA258 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d282deb5da0d03b83c8989c92846f4e9a1632c78b7c5b584c62073786f351ca8
Instruction ID: f85e7610dc3cb8529a5efec08befe6a376fe2e925093056a1dbf4fac3bc6305f
Opcode Fuzzy Hash: d282deb5da0d03b83c8989c92846f4e9a1632c78b7c5b584c62073786f351ca8
Instruction Fuzzy Hash: 66F0C2313092214BCA066BAE98506BE6683BBD5230370462AD41ACF3E5EE798C0743A2

Uniqueness

Uniqueness Score: -1.00%

Function 014D7558 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0269ebb99c92be51ae5e2d21ea76502d8e8db1fcb2ce0948542a078cdb63e4ce
Instruction ID: 158e3625caf832cec5435adce693eaf9ee5acb756dde7e81aad89f085eaf7767
Opcode Fuzzy Hash: 0269ebb99c92be51ae5e2d21ea76502d8e8db1fcb2ce0948542a078cdb63e4ce
Instruction Fuzzy Hash: B5F0F43030C2558BCB066A6C986067A7F827BC62247A4426BD11ECF2E5DE794C0383A3

Uniqueness

Uniqueness Score: -1.00%

Function 02FC05CF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.542044022.0000000002FC0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fc0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49b082cf33a189c45d5ac3db846c5f0f66fab87d488a44be479b736941852c79
Instruction ID: 88ddb197d55ef70dae5779e749c83843011c0cc9fc4412d82b0967bca97e8bd6
Opcode Fuzzy Hash: 49b082cf33a189c45d5ac3db846c5f0f66fab87d488a44be479b736941852c79
Instruction Fuzzy Hash: 9401D6725097806FD7128B1AEC41853FFE8DF8623070984EBED488B612D139B949CB72

Uniqueness

Uniqueness Score: -1.00%

Function 014DAC18 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 231ac4c2800e28a01b80cc081f41b9e02a88a2881060b3e105c1b618a4dec714
Instruction ID: 6c48b9f0448d8b98165cfa9526baf01754d69f5c1960554ac50bfe55afd26690
Opcode Fuzzy Hash: 231ac4c2800e28a01b80cc081f41b9e02a88a2881060b3e105c1b618a4dec714
Instruction Fuzzy Hash: 1A01A730304344CFCB46EB78E41582EBFA6EB8522135544AEE907CB672EF359D068796

Uniqueness

Uniqueness Score: -1.00%

Function 014DA8D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db13e83df968609d7320f0aead4d280f95a0ec91066fbbdee641b4ba0354bd48
Instruction ID: 297f71fc388c42b992064fb209fbce24b05fa322b7341e6fdce69543bf09aef4
Opcode Fuzzy Hash: db13e83df968609d7320f0aead4d280f95a0ec91066fbbdee641b4ba0354bd48
Instruction Fuzzy Hash: AB017C75E002068FDF90EFB899457AEBBF4EB44260F21446EDA04D3251EB388941CF92

Uniqueness

Uniqueness Score: -1.00%

Function 014D4710 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa84ee342b5a925c72fec71a041a539ba56b07620b67767f0913a320081d67e
Instruction ID: 36cbba2300f464792418b6b1133b191687f87bc65ff55f97384fa5b9107148c4
Opcode Fuzzy Hash: 3fa84ee342b5a925c72fec71a041a539ba56b07620b67767f0913a320081d67e
Instruction Fuzzy Hash: F1F050327012509BCE2522FA54203BF32CA9BC5664F58007FD109C7B50DD75CC439351

Uniqueness

Uniqueness Score: -1.00%

Function 014D1218 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed56d58466933555081c41f4aa4e77f34b5af5368e8d960d6461eb229d67638
Instruction ID: bf8fdac5d849bef3aed45735770d68e8f0b31218dd2a10be3ec962c3a507e192
Opcode Fuzzy Hash: 0ed56d58466933555081c41f4aa4e77f34b5af5368e8d960d6461eb229d67638
Instruction Fuzzy Hash: C2013130314110CBCA049B29D068D6EB7EAFFD5A1072440AFE906DB775CF769C0A8782

Uniqueness

Uniqueness Score: -1.00%

Function 014D7568 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e059d787b3fffe0fc8d3fc82997c3396490a06e3d289d5cf48dd92d9a1b35c56
Instruction ID: 7fc804b59e5bf63ceb8ba6b10c7d30115111cd05f4e7b84481f36065d370ad31
Opcode Fuzzy Hash: e059d787b3fffe0fc8d3fc82997c3396490a06e3d289d5cf48dd92d9a1b35c56
Instruction Fuzzy Hash: CEF0B43130825453C919666E9C60A7E7A867BC52747A0462AA51E8B3D5EE359C0343A3

Uniqueness

Uniqueness Score: -1.00%

Function 014D0D2A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df987649293bb71994c14efa4f7370b4ff75ff8110d854c7eaeedb42bf018e40
Instruction ID: 4b5156ea90c3a2028a495033de4b9fdd8f9806ec94097b472e00e69079beb3e0
Opcode Fuzzy Hash: df987649293bb71994c14efa4f7370b4ff75ff8110d854c7eaeedb42bf018e40
Instruction Fuzzy Hash: 050164353002008FCB40DB38D498A5D7BE2EF89704F2084AAE50ACB776CB31DC4ADB42

Uniqueness

Uniqueness Score: -1.00%

Function 014D5D5F Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0188513e7038be85ffa89730b138167763d3232971d688ae84daaded6478468a
Instruction ID: 5bba2624b283b36a17f3067602412e215eb93fa7b54d7c589a0549c058d37e85
Opcode Fuzzy Hash: 0188513e7038be85ffa89730b138167763d3232971d688ae84daaded6478468a
Instruction Fuzzy Hash: FBF081316083918FCB269779542C26A7FE51FA251071DC1EFC0CA8F663DE318807C766

Uniqueness

Uniqueness Score: -1.00%

Function 014D6558 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d90f5175a111676bf91d21bf84286c585def1b72f436f5428e617f33d13cb1
Instruction ID: d037e372a6cda09012a8e14c2cab9cb234d31a44f9843549dc5d6ac5d40498a9
Opcode Fuzzy Hash: c3d90f5175a111676bf91d21bf84286c585def1b72f436f5428e617f33d13cb1
Instruction Fuzzy Hash: C6F02B31704215DBDF50D639A8306FBBBE8D782754B41006BC90AD7255EB355A4787D1

Uniqueness

Uniqueness Score: -1.00%

Function 014D61A1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd1b766e05470732d8c5693838ba9d802c63a744325579d86a7d67678646c43d
Instruction ID: 2d0a9f974fa3e240da76bba550681114d326b621298a94932c11ecd7d69f691f
Opcode Fuzzy Hash: dd1b766e05470732d8c5693838ba9d802c63a744325579d86a7d67678646c43d
Instruction Fuzzy Hash: A3F0F631E002529FDF509A3894215FF77A0EBC5260F01007FCD1AA3262EB395917C6C1

Uniqueness

Uniqueness Score: -1.00%

Function 014DAC28 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e2b19c9095572a7043d75282783872fc72adc7381d8b51572c7199c6f4cc462
Instruction ID: 2a62f8b32d5db70ad93a81aa500679749468b9055b2e689f4aaaf115f90dfeff
Opcode Fuzzy Hash: 9e2b19c9095572a7043d75282783872fc72adc7381d8b51572c7199c6f4cc462
Instruction Fuzzy Hash: 1BF0AF30300304CBCB51EB78E01592EBBA6EB88221324447EE90BCB625EF35AD078795

Uniqueness

Uniqueness Score: -1.00%

Function 014D6BDC Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6e65f52cf94130e79d8b15bc4402159ac1e6391cd404a8cf2601be8d0ba49bd
Instruction ID: c6944f24aa2fe19cd448c741ea676b5c850ae698b2891fa8ea425e797504989d
Opcode Fuzzy Hash: f6e65f52cf94130e79d8b15bc4402159ac1e6391cd404a8cf2601be8d0ba49bd
Instruction Fuzzy Hash: EF014670E002099FEF60DB7898907AEBBF4EB84610F60012FD609E2292E7348942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014D6568 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0079a587c25503b7147fb7efb89a4944286c3b22cf23ce7b1b4221b54c1e0468
Instruction ID: 5d346c8417ab106ecda0a5211913ee2c38b35bb8e9030ef5aeb93bbc003b4cca
Opcode Fuzzy Hash: 0079a587c25503b7147fb7efb89a4944286c3b22cf23ce7b1b4221b54c1e0468
Instruction Fuzzy Hash: 33F0BE30B04126DBDF509269A8306BF77A98786650B82002BCA0B93399EE345D4386D2

Uniqueness

Uniqueness Score: -1.00%

Function 014DFD79 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7a3bf5dcc106d5c88d3fbd792391d6d6c76983476c688aa9a8cd2d46fd9c6c
Instruction ID: e6f38ef1130fc149537ec2d00887686dcf36ab76c106f5f2164d85dfebad46ba
Opcode Fuzzy Hash: ac7a3bf5dcc106d5c88d3fbd792391d6d6c76983476c688aa9a8cd2d46fd9c6c
Instruction Fuzzy Hash: 3DF0C230B0026ACBDF20DEA8E8809BEF775BF44600F204826D223AB215DB705E1B8790

Uniqueness

Uniqueness Score: -1.00%

Function 014DA1E9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56a8bdcad0716b179708d4285ab3549ad64d89958220438f40716050f2b9427f
Instruction ID: 7747a4e535b7de56ee785d7448f438c5cb79286128a277f0d0baf66ec846f69f
Opcode Fuzzy Hash: 56a8bdcad0716b179708d4285ab3549ad64d89958220438f40716050f2b9427f
Instruction Fuzzy Hash: 66F0C831609341CFC756AB78A42147D7FB2EFC226131944AFE446CB3A1DE399D4B8792

Uniqueness

Uniqueness Score: -1.00%

Function 014D84A0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b477aea19fa44c27dca19eb20c746a3132510da01da96d98c94a9c47edc6ab
Instruction ID: 8a7bb393fe15dbaf7e923b044ab2ba9b21e5cc99cf3f468ed05f93dc63b4ba78
Opcode Fuzzy Hash: 27b477aea19fa44c27dca19eb20c746a3132510da01da96d98c94a9c47edc6ab
Instruction Fuzzy Hash: 40F09071A08216EFCB41DB6498558BBBFF4FF95210B1445BBE516D7232F23149068B91

Uniqueness

Uniqueness Score: -1.00%

Function 014D5CD1 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da06ecd70b67bd30c4d95e2124ab0348cd1bcfa14f6ce4eef2a25c8e713bc49
Instruction ID: 67517a35d418e7c17edbfba056e75a86d379cf554aa4de20ad84ab21ea62bb86
Opcode Fuzzy Hash: 8da06ecd70b67bd30c4d95e2124ab0348cd1bcfa14f6ce4eef2a25c8e713bc49
Instruction Fuzzy Hash: ECF0CD71E002168FCB80DFBD8404A9EBBF5EF89224B05006AC108E3312EB349902C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 014DEA17 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1825ef6a55220bde465fa33f73ac2d960fba377e8a8e395173930ac48024194d
Instruction ID: 10065d0f049bc74b3c112662ae1c92028bf4a8935ac1ff6f66280ca3613747a0
Opcode Fuzzy Hash: 1825ef6a55220bde465fa33f73ac2d960fba377e8a8e395173930ac48024194d
Instruction Fuzzy Hash: 0EF02E2260929297EF2111AD98587665F84F745764F4801BFDD8AEF353D57408054363

Uniqueness

Uniqueness Score: -1.00%

Function 014D45B8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0110404a7c10d2908dd209d3ed912285466255de6b0f7c8799d49ee8e544803c
Instruction ID: 204e806a91a43547812b5f6bfca20319969a45a30564d839669f45005343dfc0
Opcode Fuzzy Hash: 0110404a7c10d2908dd209d3ed912285466255de6b0f7c8799d49ee8e544803c
Instruction Fuzzy Hash: CDF0E930A453595FD741DAB99C01AABBFFCEB46210F15007BD518D7152E234591587A1

Uniqueness

Uniqueness Score: -1.00%

Function 014DFCB1 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a36148f9cda8ea8fb8dd1e0f624b6865bc12236fb87547f7d43774a990ce18d
Instruction ID: 1264ed65e25d08754bcb2f7a492567a808f2a4851810f9a2e865f2a3e20ca626
Opcode Fuzzy Hash: 1a36148f9cda8ea8fb8dd1e0f624b6865bc12236fb87547f7d43774a990ce18d
Instruction Fuzzy Hash: 5CF0C231808258EFCF52DFB8C810AADBFF4AF1A210F14C0ABE559D7261D3358626DB51

Uniqueness

Uniqueness Score: -1.00%

Function 014D0961 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ddd7d08a96e8d4c05ef48f33513643ec15d1ada68478e299bdc202c76f2dfc
Instruction ID: cf892a044b5aa7811730ddc74582db5b1750d292e9d3aab07865f8f85933432d
Opcode Fuzzy Hash: 15ddd7d08a96e8d4c05ef48f33513643ec15d1ada68478e299bdc202c76f2dfc
Instruction Fuzzy Hash: ABE06132300106069D011278749106F774FE9D41377508733F20BC7266CE71849742D2

Uniqueness

Uniqueness Score: -1.00%

Function 014D55D9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 245e869012862bae77b5eb51f99b52c64343bc96ac7c58d93ffeff6fbe44feb2
Instruction ID: 1c9d5657a67fa2bcac4ed92dda82297cf9c7a96e42ef076fa9efd4144c349866
Opcode Fuzzy Hash: 245e869012862bae77b5eb51f99b52c64343bc96ac7c58d93ffeff6fbe44feb2
Instruction Fuzzy Hash: 50F0A032B102095BCB96596CA8501FBB7F5EBC5230F04017BC509D7220EA7548228AA0

Uniqueness

Uniqueness Score: -1.00%

Function 014D0908 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38d510159ee78f69316eb899a33b7a5ad6b6c5c0dbc1cef881eded8bd0b9e1a3
Instruction ID: f91651767f4a123a81a8a77cd665316f67a05d590c2dbeb2f88e1881ed8eba16
Opcode Fuzzy Hash: 38d510159ee78f69316eb899a33b7a5ad6b6c5c0dbc1cef881eded8bd0b9e1a3
Instruction Fuzzy Hash: 16F02730A1A3589FDF204AB1482456F7FB8AB42220F1144DBBD479B365DAB88C078393

Uniqueness

Uniqueness Score: -1.00%

Function 014D0918 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 690fff7d1fc5ce11b2299c46c07b544867bd40f5148a1e266ec16acf7efddb6a
Instruction ID: 97e85a547d1b7d81f031e4f0c327fcb4b7fbd80df10ce1e2a7fdcd2e81c3b1a6
Opcode Fuzzy Hash: 690fff7d1fc5ce11b2299c46c07b544867bd40f5148a1e266ec16acf7efddb6a
Instruction Fuzzy Hash: 6CE02B32F1521C9BEF1059F598245AFBBA99785260F0045B7BE0B93314D970881743D3

Uniqueness

Uniqueness Score: -1.00%

Function 014D5CE0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 764a0c5edcd6645d1db44f8be9af9ca74863e043c057dac57038d3c7182b0d14
Instruction ID: ff85041f26cc60464bfce408d31dc63c7ab022ea3e8924298667ca16eabd6b23
Opcode Fuzzy Hash: 764a0c5edcd6645d1db44f8be9af9ca74863e043c057dac57038d3c7182b0d14
Instruction Fuzzy Hash: B1F08271E001155F8F80EBBD940459FBBF9EB88624B11013BC50CE3340EB34990287E6

Uniqueness

Uniqueness Score: -1.00%

Function 014DE9E8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 712363c99c2699038d482cc92bc7f4cd7cfe79bf7a5c2a18006c6cc2ff09c8e9
Instruction ID: 86f64c8d317eddf585fe4e16e724f87f06aaad8947d14351132cc3b6a56d393c
Opcode Fuzzy Hash: 712363c99c2699038d482cc92bc7f4cd7cfe79bf7a5c2a18006c6cc2ff09c8e9
Instruction Fuzzy Hash: 66E0ED36205211CBCB60DBA8F0602A1BBA4E780227B0088BBD54EEBB20C7329803C780

Uniqueness

Uniqueness Score: -1.00%

Function 014DC8B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d2d2ffbabbbc6e9fee092fee8d7fcde69ed22d66d02b035b72135a55b857d7
Instruction ID: 64d0c31847c69bbf1766782bc6b1ba3acc3558afbfd5603a4c44f91ca4473b92
Opcode Fuzzy Hash: b9d2d2ffbabbbc6e9fee092fee8d7fcde69ed22d66d02b035b72135a55b857d7
Instruction Fuzzy Hash: 95F055727050616B835A627C306073F27878BE4920718412EE449D7355CE30AC0383E6

Uniqueness

Uniqueness Score: -1.00%

Function 014D4701 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44710f642ae75a65e5093ee5096ceffd87374120bf9682d8e531d25f754a8e26
Instruction ID: d41fcaa4b28fb1f230b90f80ec24f89df0dbd2d4f19f33aaa1ea7da6da17d9f1
Opcode Fuzzy Hash: 44710f642ae75a65e5093ee5096ceffd87374120bf9682d8e531d25f754a8e26
Instruction Fuzzy Hash: 74F022326893819FCF1322B554207A637A8CB83630F1E00BFD515CBB72D8798C838361

Uniqueness

Uniqueness Score: -1.00%

Function 014DE167 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9795333cac0a3f4d622a45e366fed5d931bdf8debb291e1c61dd31eadd9aa2d0
Instruction ID: 301a2bbd87fd893e7918ee8df86189741efd03b232fd03607bbbde66bfb96770
Opcode Fuzzy Hash: 9795333cac0a3f4d622a45e366fed5d931bdf8debb291e1c61dd31eadd9aa2d0
Instruction Fuzzy Hash: C5F0EC313156519BCB12D66CC8305BE7F95CFD2524354C86FD449AF341DD359C034791

Uniqueness

Uniqueness Score: -1.00%

Function 014DE999 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a0f8cfafa15b78398f4c87fba99f051f81417b894e942bd0fb0aaa09f8a2d6
Instruction ID: 04ef25003ded14fabf7bfbac108e3ac40a542d26020fb43391e735bbe1447b35
Opcode Fuzzy Hash: 71a0f8cfafa15b78398f4c87fba99f051f81417b894e942bd0fb0aaa09f8a2d6
Instruction Fuzzy Hash: 20E02B312262509BCA22E76DD42066A7FD9DBD5510B40885FD88AEB352DE76AC0787E0

Uniqueness

Uniqueness Score: -1.00%

Function 014DFCC0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d01ef737e714f4cab3e8342dcec98e71b4a21958a4aa3644033c1673bef7c1
Instruction ID: 07f4cb7b0f11c371d9f62fd13bb832c16abbb3f204fe4c104eb407059957e1f2
Opcode Fuzzy Hash: 20d01ef737e714f4cab3e8342dcec98e71b4a21958a4aa3644033c1673bef7c1
Instruction Fuzzy Hash: 25F09031800118EFCF51DFA5C8109EDBFF5AF19210B04C0ABE95AD6120D2318626DB91

Uniqueness

Uniqueness Score: -1.00%

Function 02FC0938 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.542044022.0000000002FC0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fc0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction ID: d2d91924d0f885d0a33503dad2664bd16e4fce4261eb618e10d7e0930b95d518
Opcode Fuzzy Hash: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction Fuzzy Hash: FCF01D35208645DFD706CF00D640B15FBA2EB89718F24C6ADE9490BB62C737E813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 014DFD10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00411f8eb74925e24e10462ef5a56a8f9eaaa47ee753f60b200c35140b6c0350
Instruction ID: 62c30046253984c511f3aa8e54c8959d254f835a8b89b4262a9abd1b4b69ea6e
Opcode Fuzzy Hash: 00411f8eb74925e24e10462ef5a56a8f9eaaa47ee753f60b200c35140b6c0350
Instruction Fuzzy Hash: 0BF0ED30109344CBDF399295C53066277A96B02200B80455FC8B38BB31CB32B94F8BE2

Uniqueness

Uniqueness Score: -1.00%

Function 014DA200 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958f89572ca2ca08b70c731358a1d6e539e62d88ce74b52db98a60006285aa09
Instruction ID: 21485dfaa726da8565f9bb71dee05ef65944492debdc778bb53f1f1bc63adfef
Opcode Fuzzy Hash: 958f89572ca2ca08b70c731358a1d6e539e62d88ce74b52db98a60006285aa09
Instruction Fuzzy Hash: F2F0A731314200DB87556B6DE41046D7BA7EBC5260354882DE50AC7350CE369C078751

Uniqueness

Uniqueness Score: -1.00%

Function 014D74F7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c033a790a937686948fb7dd6ce6261397cebce34256be915139367db9b6b1b
Instruction ID: 572dd9001caf0bfd7a4cacf6a3359cdc80aee4b58a58f7fa535c89aadef30263
Opcode Fuzzy Hash: 86c033a790a937686948fb7dd6ce6261397cebce34256be915139367db9b6b1b
Instruction Fuzzy Hash: 51E06D31B011625BCE14B3FAA8343AE63A69FE0919FD0483EC506CF7D5EE708D028792

Uniqueness

Uniqueness Score: -1.00%

Function 014DCBEE Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784cc5f7df7cdb30d739dc6a2c0c3c220254de59a2beaf84d6cc18c6d856b9b1
Instruction ID: ad76b017c6295994eeee94a451a6e2e5268ecd77d5d7fb03527616b62fb2d65f
Opcode Fuzzy Hash: 784cc5f7df7cdb30d739dc6a2c0c3c220254de59a2beaf84d6cc18c6d856b9b1
Instruction Fuzzy Hash: D8E0D8713192949F8F16576E60705BE3FEB9AD6861309409FE707CB272DC219C07D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 014D57A2 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b4cb8d4e0aeca34a0c1508df6968f92b55b9127cc34ba283193ee6504403e4
Instruction ID: d98fbf2929959639e5eab4f118a72441bfbd6eb600b267ce41b3696ec9bd1abb
Opcode Fuzzy Hash: 39b4cb8d4e0aeca34a0c1508df6968f92b55b9127cc34ba283193ee6504403e4
Instruction Fuzzy Hash: 88F03031B08101CBEF54ABBDE4252BD7771AF84118F61812BD61A9E1A1EE345C038762

Uniqueness

Uniqueness Score: -1.00%

Function 014D8740 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88a38fb75f19e5934af96fef7e3e0b7640ab3c7fb0bbdcd5a39dd9bcd5d66cf
Instruction ID: f9bf372513dec68fae1f63e1dd479fc0c974ec6ff1983537b067e1d6958e6553
Opcode Fuzzy Hash: c88a38fb75f19e5934af96fef7e3e0b7640ab3c7fb0bbdcd5a39dd9bcd5d66cf
Instruction Fuzzy Hash: 90F0EC35A012538FC7625B6CE8291757BF1E74D361306016FE942C3315DB384C11CF81

Uniqueness

Uniqueness Score: -1.00%

Function 014DBE30 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00bd6c04d90e77574af69d06f34b844c768328619e7dad43d5e3d09f7ae63f6d
Instruction ID: a87e709204cf852f75f89d4ed57be8d63738df7810ddfd94dc68ac80d5967cce
Opcode Fuzzy Hash: 00bd6c04d90e77574af69d06f34b844c768328619e7dad43d5e3d09f7ae63f6d
Instruction Fuzzy Hash: 4FF0F436604B40CFC721CF69D650816FBF1EF86620306CAAFD6AAC7A61C630F8088B51

Uniqueness

Uniqueness Score: -1.00%

Function 02FC05F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.542044022.0000000002FC0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02FC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fc0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecc5e745e871074f0d6d3eeb22b1ad7026e24da16cd91335e014fda27ae69794
Instruction ID: ad0c9b85bf047e7b798f5de1cf4d220a2d5402264f47776578e555f393b3b531
Opcode Fuzzy Hash: ecc5e745e871074f0d6d3eeb22b1ad7026e24da16cd91335e014fda27ae69794
Instruction Fuzzy Hash: 55E092766046044BD650CF0BEC81462FBD8EB88630718C4BFDD0D8B700D535F505CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 014DE178 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69edb981016329b7fe45d05978b166dc7a85626d2677a210dafdc9abdfe07942
Instruction ID: 23d1ff4956802cd0ad56cc65d2cc337a30ade2692de8f7ed1e7d50d4cc7db409
Opcode Fuzzy Hash: 69edb981016329b7fe45d05978b166dc7a85626d2677a210dafdc9abdfe07942
Instruction Fuzzy Hash: 0EE086323115119B8A25E66DC9308AF7B9ADFC6624354C82FD51AAF391EE76DC0347D0

Uniqueness

Uniqueness Score: -1.00%

Function 014D6100 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e8f727c38cb168040288f5d8e27f07655ceda85ce32bcff4cf433cacf73e104
Instruction ID: ed856ad04c963803c458332eb08bb7f29a532012a73bc80959886ec1a8eb42c2
Opcode Fuzzy Hash: 7e8f727c38cb168040288f5d8e27f07655ceda85ce32bcff4cf433cacf73e104
Instruction Fuzzy Hash: 0BE0262174B3550FE7132A36581453F3B5A6EC2445386409FD946DB252EE12AD0783EB

Uniqueness

Uniqueness Score: -1.00%

Function 014DE9A8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4383641936f840ba67b1aedf15cf56fe291b4767519610162b5548c7b67c25
Instruction ID: ae7f518374cf973da7fb470062825cc01b6cf8cb4a6d383053fb41d7844df44b
Opcode Fuzzy Hash: 0b4383641936f840ba67b1aedf15cf56fe291b4767519610162b5548c7b67c25
Instruction Fuzzy Hash: 1DE026313165108B8A21FA6DC43086F7B9ADFC1920340886FD44EAF381EE32EC0387E0

Uniqueness

Uniqueness Score: -1.00%

Function 014D8750 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f8f7c4ff5da2d2d397982b97b526d8d7a516a307c0a38d04cc41eab20bd277c
Instruction ID: fdbe68d1d08ef1dbdbc671cf32508f5587a40be0eeb6a836a6e36878911aee1f
Opcode Fuzzy Hash: 4f8f7c4ff5da2d2d397982b97b526d8d7a516a307c0a38d04cc41eab20bd277c
Instruction Fuzzy Hash: 47E09236F0013987CB611AACB8285397BEAE74C7A1316022FEA06D3308DE348C018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 014DAA30 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6c0d2b749ed594c7a356869054036617edf0179a9452b06dfd4c8c5b005cab
Instruction ID: 42e68134fc5f16fbe4d05962159435b1ddd976a921722304d415006a6a809138
Opcode Fuzzy Hash: af6c0d2b749ed594c7a356869054036617edf0179a9452b06dfd4c8c5b005cab
Instruction Fuzzy Hash: D5E06D366482418FCB9167B492291697FE5AB8A25171600EFD516CB3A1DE398D428722

Uniqueness

Uniqueness Score: -1.00%

Function 014D46B8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: defba6aac32fb9134b4097958fc3f5f2d6fcd8a70221269f2fb27c9512acd494
Instruction ID: 5347e1f9141ca994a18fd1b127440539928c118071000329095df9bc2c16f555
Opcode Fuzzy Hash: defba6aac32fb9134b4097958fc3f5f2d6fcd8a70221269f2fb27c9512acd494
Instruction Fuzzy Hash: A1E08C31310125C7CA1126B9B0282AE768AAF81254B184067F20FCBA64EE3ACD0343E3

Uniqueness

Uniqueness Score: -1.00%

Function 06870A95 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8df9f66dceee2bc3de878f75dc1acc547c0cb0156ee942e8000c8cf3e63c28
Instruction ID: f4d5392273c6390b5be38164d21c617316cad3cdff530abbcf41a0d05c6567e5
Opcode Fuzzy Hash: 6a8df9f66dceee2bc3de878f75dc1acc547c0cb0156ee942e8000c8cf3e63c28
Instruction Fuzzy Hash: 76F0A071A05158CFFB7087A4F80DBACB761BB4072DF088096D205E30D5C7B49D84CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 014DFD20 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41a382fa689abb7b6a0e832259ad3b03a6ee0450fd726067a5b9601899688e7
Instruction ID: 79042e7930ee96938334330bd74810472cae324aeed546e0cde5a4013f592570
Opcode Fuzzy Hash: b41a382fa689abb7b6a0e832259ad3b03a6ee0450fd726067a5b9601899688e7
Instruction Fuzzy Hash: 54E04F30109609CB9E3D6655C57447673A9AA42211390455BC5734AB34DB72F94F4BD2

Uniqueness

Uniqueness Score: -1.00%

Function 014DB1D8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eec94ff2210bbb934bca26fd333e3eab12533797cd389e1b8ee466bbbc0913c
Instruction ID: 9db573714bacd4995b672b4e4fb94d1c393721f10491e8d6fa2a0dae10016f91
Opcode Fuzzy Hash: 5eec94ff2210bbb934bca26fd333e3eab12533797cd389e1b8ee466bbbc0913c
Instruction Fuzzy Hash: 1BE09271604B448BD324DFAFB400513FBF9FBD1620B58CA2FD19983612DB70A90987A5

Uniqueness

Uniqueness Score: -1.00%

Function 014DF9D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feadb934bab1a910356a43b67fb4cc213cc1327d46e897b1c3a4abe67c766c13
Instruction ID: f70c27e7dcc7dc3d04afe9314fc3b7bb833e666527f6847292846e89f8de3bd5
Opcode Fuzzy Hash: feadb934bab1a910356a43b67fb4cc213cc1327d46e897b1c3a4abe67c766c13
Instruction Fuzzy Hash: 8CE022706193949FE38297297C087DABB73EB46300F04828BA4009B187CA6418098368

Uniqueness

Uniqueness Score: -1.00%

Function 014D6B81 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 306e955326e669b5e83666555ab3ac98c8523c4cc4fd84cd5923bae539628340
Instruction ID: 47e673f18e0ac301f6b19d474bfc858a8a739a3bcf35c97ac232a0dc04b6f725
Opcode Fuzzy Hash: 306e955326e669b5e83666555ab3ac98c8523c4cc4fd84cd5923bae539628340
Instruction Fuzzy Hash: 73E0D83164D3A58FDB1122BC64247B43E989B42714F4500DBD605C72B3E7FA4C4183AA

Uniqueness

Uniqueness Score: -1.00%

Function 014DCC00 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 662ac50686511c8a28256d4555272c16e799697c3aa5843e65ea7d628f1b9004
Instruction ID: 9b985a7951b3c49f9568ee5446f3bdc35aae99952460c1b6a243cdb20e23de53
Opcode Fuzzy Hash: 662ac50686511c8a28256d4555272c16e799697c3aa5843e65ea7d628f1b9004
Instruction Fuzzy Hash: 0FE012713141249B4D25665E90B45BE7ACB9BC9961314406FE307CB360DD629C03D7E2

Uniqueness

Uniqueness Score: -1.00%

Function 06870380 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d982ba874e6d40f619bfcb583b9a7246bf16b28a44422b86e71cbf70b507818
Instruction ID: f1f5d048adf970f7f93c1c5c1d4b98704dfc402260af4f1ec36d1771ac7582ea
Opcode Fuzzy Hash: 2d982ba874e6d40f619bfcb583b9a7246bf16b28a44422b86e71cbf70b507818
Instruction Fuzzy Hash: 39F0397000A248DFD7489F10E85AA6E7F36AB81205F14805AF847CA292CB34ED80CF92

Uniqueness

Uniqueness Score: -1.00%

Function 014DE1B8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004e9fec44fb316202b5080e1c365e7f379a63dfc790e1026adcbbf01292ea37
Instruction ID: 10b9a141f2d332babeb2f38c64b84307d8923d258ecaf7955e1d9e973cd7fac7
Opcode Fuzzy Hash: 004e9fec44fb316202b5080e1c365e7f379a63dfc790e1026adcbbf01292ea37
Instruction Fuzzy Hash: 44E08631209390DACB21577464246FABB99B70A511F04496FFC86AE221CA359543C3E2

Uniqueness

Uniqueness Score: -1.00%

Function 068712E1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b34d47d639655e47fa129fea37f60dd71a5ba3d5599887d642f0e9957f1b576
Instruction ID: d2714a97da8dce9ee8ad956c330d4055a9d579c6d38d7d9f43fd153295e8354d
Opcode Fuzzy Hash: 0b34d47d639655e47fa129fea37f60dd71a5ba3d5599887d642f0e9957f1b576
Instruction Fuzzy Hash: 89E0CD613662645BF609F6BC88107767F5DDBE1418F18849FE40AD7381CD618C0243E1

Uniqueness

Uniqueness Score: -1.00%

Function 014D5DE8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7617cffda78253e75c8b2f57cba37f19f2fde02f9f441f7ea12a9a51ec089e82
Instruction ID: afbc92430d1a6d6843e87841e1b49e0c34451702f23ee8b7bc7104129bf0822e
Opcode Fuzzy Hash: 7617cffda78253e75c8b2f57cba37f19f2fde02f9f441f7ea12a9a51ec089e82
Instruction Fuzzy Hash: 1CE0C23076A2425FCF257BB404B00B927A54A9153138405ABD406CF692DEA84C0343D1

Uniqueness

Uniqueness Score: -1.00%

Function 014D6110 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9222cb53788ec44a1f583391d832e0a9c5046e60dfaa02d8ba8a792e499ac72
Instruction ID: 6fff5fbeed049eebcae05733d70de2fb077451a6a4a76ea99be3f5842f3273d4
Opcode Fuzzy Hash: d9222cb53788ec44a1f583391d832e0a9c5046e60dfaa02d8ba8a792e499ac72
Instruction Fuzzy Hash: C5D0A7117422161769157976A81457F738E6AD0899341442CE90AD7340DE15EC0343F6

Uniqueness

Uniqueness Score: -1.00%

Function 014D6B90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ebb4a8cff3f692b1c14873edd137e68795d0000670779d73b7652eaffea95e
Instruction ID: 91423be7e4557c569727f8c62b1e32477683268f604b4d99f5d29ad72e7e8ca2
Opcode Fuzzy Hash: 97ebb4a8cff3f692b1c14873edd137e68795d0000670779d73b7652eaffea95e
Instruction Fuzzy Hash: 75D05B3161D479C7EE10359C6424BB9358D9740755F550067DA06C3351DBE68C4143EA

Uniqueness

Uniqueness Score: -1.00%

Function 06871238 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501d36b3c8bc9ed885fd0e99ef67223402001762eb7ed0630889b7218a5f9830
Instruction ID: edb07c7903c2f6eae25e833299000614c26db387b0dc42e92bc105551d6cd531
Opcode Fuzzy Hash: 501d36b3c8bc9ed885fd0e99ef67223402001762eb7ed0630889b7218a5f9830
Instruction Fuzzy Hash: 49E01A2017D28DCEEBD1C65084AF33E2A35DB8B21DF0C85DBD9C6C9C868625C14D878A

Uniqueness

Uniqueness Score: -1.00%

Function 014DE1C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98472b638aee6a342da9a60633b85a10d2e469646a789a719be582ec749dca3e
Instruction ID: 3e5061348ebec7685fa5f72e3d0b6d23282a89b6eb7f15a1fb27acffd68d4156
Opcode Fuzzy Hash: 98472b638aee6a342da9a60633b85a10d2e469646a789a719be582ec749dca3e
Instruction Fuzzy Hash: E7D05E31308320DBCE24167498205FFB39DB709A12B00493BFD4BAE120CA31E843C3E1

Uniqueness

Uniqueness Score: -1.00%

Function 014D57F6 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a65e8dac41d9215d776602cc2c7a6fc6260f6e51c753f7dacde12923bbe90fc
Instruction ID: 996d2ce8ae09dbe9ef4b04b0b03f6bd33479c539afab78ba9d04192621396305
Opcode Fuzzy Hash: 4a65e8dac41d9215d776602cc2c7a6fc6260f6e51c753f7dacde12923bbe90fc
Instruction Fuzzy Hash: 39D01231F09004CBDF04A7FDF5661ECBB719B841257505077D5079E111DE31091647A1

Uniqueness

Uniqueness Score: -1.00%

Function 014D7690 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b272f4304b71c4460b6449d6bea03ffceecf54cf67175d87febc1e9b9b126724
Instruction ID: e4642126aaaa57ff45d79a74c02bb397e022006d037ea9cbe90c80562bb1be60
Opcode Fuzzy Hash: b272f4304b71c4460b6449d6bea03ffceecf54cf67175d87febc1e9b9b126724
Instruction Fuzzy Hash: D9D0C2310093509BDB355A2C94106A27AD85B4622EF04086FC04E06A20E672A086C3E3

Uniqueness

Uniqueness Score: -1.00%

Function 014D46A7 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1020b7924f13c688c9b4b89627ee45a602127bc0b6cf28fd94dadfdea56a5427
Instruction ID: 3cd4129a8c51303619f1f55bc368ac52a017f8221f7995bb6d79f722c70531f8
Opcode Fuzzy Hash: 1020b7924f13c688c9b4b89627ee45a602127bc0b6cf28fd94dadfdea56a5427
Instruction Fuzzy Hash: 0CD0A7301843019FC7624FA4B80A6FA37F8DF83330B0001ABF80AD5412C26D4C834760

Uniqueness

Uniqueness Score: -1.00%

Function 014D02A1 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938ed7f6827c79589d42eb2c0f188ec06d3b9c058c5f5fd44f71fbf46b890e1f
Instruction ID: efef13c6841fa4500cea88041c55e79d18937d9b189dd974f9ae9009550c79b5
Opcode Fuzzy Hash: 938ed7f6827c79589d42eb2c0f188ec06d3b9c058c5f5fd44f71fbf46b890e1f
Instruction Fuzzy Hash: 5AE0C23004B3408BC3628B64F4248C13BF0EF86610304889BE096C7A65C7786C43C700

Uniqueness

Uniqueness Score: -1.00%

Function 068712F0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242d5b7dd85c75e67c2d4aa9105d7458bdfb7b347a0344c989cee2f77c0ca543
Instruction ID: 21dc8dec30a222c31b8965263c3c2aa0476b9bf0c16878e3a138b74755a0bf2d
Opcode Fuzzy Hash: 242d5b7dd85c75e67c2d4aa9105d7458bdfb7b347a0344c989cee2f77c0ca543
Instruction Fuzzy Hash: CAD0A731351125577908F5AC88108BA778EDBD5468305845FF90AE7380CD72DC0343E0

Uniqueness

Uniqueness Score: -1.00%

Function 014D016F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 006d2d90dd25893b96d09a84b052649c8e7bda128be17562ecea73b2f4b432f3
Instruction ID: 7bd00546fa03e0967e90e1f0ccb6c7873dc8655d1615885ee08f6b935fabb12d
Opcode Fuzzy Hash: 006d2d90dd25893b96d09a84b052649c8e7bda128be17562ecea73b2f4b432f3
Instruction Fuzzy Hash: 1EE0C2351023408FDB062731B01D12C3B659B8621570006BED8658A6D1EA3AD882C601

Uniqueness

Uniqueness Score: -1.00%

Function 014D2D20 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09983c144f3522597d631ef7f2e8290d4f44ef4bf59ddbc39fce85c1dfe86e0e
Instruction ID: 787b8dbf829905869eefe2ff59f774569c19902365d987b83ba5bf1190fa329c
Opcode Fuzzy Hash: 09983c144f3522597d631ef7f2e8290d4f44ef4bf59ddbc39fce85c1dfe86e0e
Instruction Fuzzy Hash: ECD05E3008E7849EDF5202A06828F763AA44B4A310F080093D24A8E0FBD1ED94038212

Uniqueness

Uniqueness Score: -1.00%

Function 014D0650 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6323e878d3b3923118e27806e2d3ff0f8933705083b65d3d1daeb7fc677e0243
Instruction ID: d03ec628bc4234a60d8beb76973bd05db6a5d24d41b994b506a576ea54be64cc
Opcode Fuzzy Hash: 6323e878d3b3923118e27806e2d3ff0f8933705083b65d3d1daeb7fc677e0243
Instruction Fuzzy Hash: 3BD02E7008E3C08FC3025670282A0687F249AC2219B2488BBE88086822E23B681397A2

Uniqueness

Uniqueness Score: -1.00%

Function 014D5DF8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44812878cd2ecb106cfc1d2c3158104c0bcedfd3371314e7fcd69626fdfce259
Instruction ID: df177d7f1cce2475ac51d60ed3acb75a69c53a68a330d89aefeec3aee93c53ff
Opcode Fuzzy Hash: 44812878cd2ecb106cfc1d2c3158104c0bcedfd3371314e7fcd69626fdfce259
Instruction Fuzzy Hash: EDC08031B25115574D1472BA143047F71CE46D4836380493FD40F8F750EC658C1203D5

Uniqueness

Uniqueness Score: -1.00%

Function 014D9348 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6092ed867db47a222f25c6794da78dc07c4c0eb8093172d310f95466cd7d2fa9
Instruction ID: d9de0836ff69c3a8e913f3df1165fb79c0bed9325ae012f55ccb6dcde5313a25
Opcode Fuzzy Hash: 6092ed867db47a222f25c6794da78dc07c4c0eb8093172d310f95466cd7d2fa9
Instruction Fuzzy Hash: 08D0C76114D381EDD7520B549C3AF717FA4AF49305F054493F949D98E3DE7195248711

Uniqueness

Uniqueness Score: -1.00%

Function 014D7140 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: fa30adade0514a89b1a3cc4a800d30731d33f96c963af9cd91c7999b6c1952de
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: B0D0423AA000048FDB04CB88D5949DDFBF2EB88325F28C1A6D919A7351C732ED56CA50

Uniqueness

Uniqueness Score: -1.00%

Function 014DE9F8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9030cbead76b9ea942dcf2db3e2f7140670d0a961972ac2b50547d9380a5efb9
Instruction ID: 3ac979868c8d8a02e2492467dc272d83554ea808f149822c3f771b171ff6c8d0
Opcode Fuzzy Hash: 9030cbead76b9ea942dcf2db3e2f7140670d0a961972ac2b50547d9380a5efb9
Instruction Fuzzy Hash: 26D02230208312CB8B344A00E0284A2B3A8FA00322301486FD00F3F720CB73BC02C7C2

Uniqueness

Uniqueness Score: -1.00%

Function 06871288 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52951b0f3df7602ba0ee59a0805d6bf6ccf7af4545f51f9ffbbd9d02ebf5a816
Instruction ID: b2de03892341d68fdf959e0356f3c69bb5bed6270a065f211bc2962e5a06e216
Opcode Fuzzy Hash: 52951b0f3df7602ba0ee59a0805d6bf6ccf7af4545f51f9ffbbd9d02ebf5a816
Instruction Fuzzy Hash: C1D0A720538388C9E7509666680F23C7A98271B14DB9C0512ACC7C5800DF18F44091A3

Uniqueness

Uniqueness Score: -1.00%

Function 014D5478 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3877d5c35edd1830ab01c03773c63f8ee488e02be3de1645490373cad6afef10
Instruction ID: dc6685d11ed07c4c17b9fe6d4cb9b4264b58c60f40333272b6fd2b7a69375429
Opcode Fuzzy Hash: 3877d5c35edd1830ab01c03773c63f8ee488e02be3de1645490373cad6afef10
Instruction Fuzzy Hash: B8D0C9202062448BEE3197AC782D32E3E78A701706B4440AAD0068452ADF308551DB13

Uniqueness

Uniqueness Score: -1.00%

Function 014D7E06 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff60689f298736d29407d1fe5257a89446ccc6c493a096f05f09ad42d66909a8
Instruction ID: 024097426906b1807552b99574120bfa505c4f668a68d83d256db3a00b13c40e
Opcode Fuzzy Hash: ff60689f298736d29407d1fe5257a89446ccc6c493a096f05f09ad42d66909a8
Instruction Fuzzy Hash: BFD05230A00209CFCB61AF71E92409E77F0EB08226320032FEA02AB395E3386C02CB10

Uniqueness

Uniqueness Score: -1.00%

Function 06871328 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2810ec26c9979e93ae61b3211d5f47c1420dfeef72101132737d29c9585e65f
Instruction ID: c508bef9fdc4c34d282eac21b191c6158867ccf3b6f646611ab3a3137e3690fe
Opcode Fuzzy Hash: b2810ec26c9979e93ae61b3211d5f47c1420dfeef72101132737d29c9585e65f
Instruction Fuzzy Hash: 17C08C109463CCAEEE4227FAB00932D7F989B72A14FD401AEE84903207FB69541583A2

Uniqueness

Uniqueness Score: -1.00%

Function 014D0180 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59e0a8bc5aa4fcb18e2308f139ea5fee6cab1322ab40c0c1d950a4e085e49d9
Instruction ID: 14f3b4b68fdb8868666a4c223003da53e105998a39f48784af9b2ea526ed95b1
Opcode Fuzzy Hash: f59e0a8bc5aa4fcb18e2308f139ea5fee6cab1322ab40c0c1d950a4e085e49d9
Instruction Fuzzy Hash: 60D01234201304CFCB182B70F01D52C37A5AB84206300087DD80687744DF3BE891CB00

Uniqueness

Uniqueness Score: -1.00%

Function 014D5D70 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29eda359a0051a71ad98c95198ec7d449789910f371606113c5607f835ef60b
Instruction ID: ab10841f4db0ba50c041634d7d8c92c78562f4ef57fc1500c2c30067b7d69827
Opcode Fuzzy Hash: c29eda359a0051a71ad98c95198ec7d449789910f371606113c5607f835ef60b
Instruction Fuzzy Hash: 94C04C20205A058F9E252BF5792E62E7B685A805453844157A40B8E125EE34945287A6

Uniqueness

Uniqueness Score: -1.00%

Function 014D2D30 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a68ca1fa4fdd4088c15cbc946c5d173feece0a842398f3b07bfab3d893091dd6
Instruction ID: 277a61a1789e5bc3336e70eba58e03ab510a609b47002112af0c238980abe869
Opcode Fuzzy Hash: a68ca1fa4fdd4088c15cbc946c5d173feece0a842398f3b07bfab3d893091dd6
Instruction Fuzzy Hash: 8EC0923418DA08E6EDA41184BC3EF7A7218974CB16E100803E20F180BC16F5A1134156

Uniqueness

Uniqueness Score: -1.00%

Function 068712B9 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b2292d5dfeead525a8b2f9357ce05ee24eb5916cfbc9a2f7d4efc7f223ae6fc
Instruction ID: 13594a2d29a5b02dd88efa86ccedad6fbd7ff4593cd75356918130d396d4d55d
Opcode Fuzzy Hash: 6b2292d5dfeead525a8b2f9357ce05ee24eb5916cfbc9a2f7d4efc7f223ae6fc
Instruction Fuzzy Hash: C9C0800921B0C5CDD701C75DF41522CA76117FB100FAC519FC0C1C6531C56448054351

Uniqueness

Uniqueness Score: -1.00%

Function 014D0660 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ba4e8d45eaf66857b86fce1085bb3d24dc4515932bbb2942c3b69833c629afa
Instruction ID: f44ba438521ce064f1d40618010adab9e8aef346da2cc18dc7df8f6fd4b95f01
Opcode Fuzzy Hash: 8ba4e8d45eaf66857b86fce1085bb3d24dc4515932bbb2942c3b69833c629afa
Instruction Fuzzy Hash: 74C02B70046204CEC2141A70280D43D7A0996C0301B70C837B40503430C93374539911

Uniqueness

Uniqueness Score: -1.00%

Function 014D6B60 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaed1a89f1044873ea61358bf4780ab029ad7d92dd7012e00ffc679fc152fce5
Instruction ID: 259eff2bd243491b7e3588b9305ed8f3296c81d5552367670ffb41e9cf7189e9
Opcode Fuzzy Hash: eaed1a89f1044873ea61358bf4780ab029ad7d92dd7012e00ffc679fc152fce5
Instruction Fuzzy Hash: CFC04C786893954FD342576448159803EA4BB02234B9500DA81908A5A3D19C48419A15

Uniqueness

Uniqueness Score: -1.00%

Function 014D7164 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: e31423faea2654cf6cf0ede3ac60af2d7ff01b533bfeb9e1270035b518b6f2a8
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: DDB092B7A44008C9DF008A84B4453EDFB30E79032AF104123C31052240D23201698691

Uniqueness

Uniqueness Score: -1.00%

Function 014DC9C9 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55a0c21e673b140d8aae06fd82859da6a4db7226c09af5e9a579dd22adc8f092
Instruction ID: 97050897e3ae31ff5851731c8821230f0b14b3dae1e655b84c3144d4fa1da250
Opcode Fuzzy Hash: 55a0c21e673b140d8aae06fd82859da6a4db7226c09af5e9a579dd22adc8f092
Instruction Fuzzy Hash: E0C02B2040CD8C0FC302D71808A83F22FA0DF42169F8E10EFCD8086043C66C0093A255

Uniqueness

Uniqueness Score: -1.00%

Function 014D936B Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389dd61bfc28dfcfafe6b4e3be004ddfcb7201979009803d417fda7f44cc35ae
Instruction ID: d5226d18b18a4de3e5fffddff09921cc6d8092b3588e410d5bdad19c2f13d65b
Opcode Fuzzy Hash: 389dd61bfc28dfcfafe6b4e3be004ddfcb7201979009803d417fda7f44cc35ae
Instruction Fuzzy Hash: CDB01230288200E2DCD00640FC3EB307504530C70DF086503B11FE4CE10DB120120502

Uniqueness

Uniqueness Score: -1.00%

Function 014DD3A0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53aaf0fcc01ccece45da579c6d618145a62426bd476b2812db84ed20e02a31aa
Instruction ID: 638d5d592de89b857868c6c2cc406552b1181c753277446fec9d7b6811ea0424
Opcode Fuzzy Hash: 53aaf0fcc01ccece45da579c6d618145a62426bd476b2812db84ed20e02a31aa
Instruction Fuzzy Hash: BBB09230409308D7C611B795E85A89E3B28FA06200790002AF502810EAAF787E0787A6

Uniqueness

Uniqueness Score: -1.00%

Function 014D2EC0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ae6cb21a35c42069698a83e2a792f75ae83076617945d36bd8ae81421425dd
Instruction ID: 5fe423b14902c12f4bce43baec14476c3302cbcb0fad1e7898750d162188f9bd
Opcode Fuzzy Hash: c0ae6cb21a35c42069698a83e2a792f75ae83076617945d36bd8ae81421425dd
Instruction Fuzzy Hash: 15B012302082080B1F5057B5380CE27338C45C04193400065D80CC0101F550D0D02340

Uniqueness

Uniqueness Score: -1.00%

Function 06871338 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.546274735.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d48e0c42085ac27ccad196c7684c8439e23564c5ce8f89bb44a2fcac40845b4e
Instruction ID: 98e80fc419bc71a7d156b709d6a70467e2cb5b82ca683083845b5e96e03ddcb6
Opcode Fuzzy Hash: d48e0c42085ac27ccad196c7684c8439e23564c5ce8f89bb44a2fcac40845b4e
Instruction Fuzzy Hash: 1CB01220A4164C4BCD8037F5701C42C7B8C4D506007C0041A580D43246BD7568000555

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CA524A Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.538786441.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.538715952.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.539222533.0000000000CC2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
Instruction ID: ec0b74a60bbc23e0c1725e5b58ebaa6fa94d9609e4df1682a988115b0fafde4c
Opcode Fuzzy Hash: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
Instruction Fuzzy Hash: 1332656244F7C24FDB235B788CB86A17FB1AE6321475E89CBC0C1CF4A3E6195959C722

Uniqueness

Uniqueness Score: -1.00%

Function 014D95D0 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4bfd03d8bc6b1c4004786c00a81b35aa3e00f1268802a1f897e170f60fe436
Instruction ID: 888758135f08c40ece5a8a38ffdf7ffc740efb7f49aa2859d521c7638e2f4d6f
Opcode Fuzzy Hash: ad4bfd03d8bc6b1c4004786c00a81b35aa3e00f1268802a1f897e170f60fe436
Instruction Fuzzy Hash: D0817F31F011158BDB54DB69D890A6EB7F3AFC4618F2A807AE419EB365DE30DD02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014D306F Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de0d0de1f640f81009cc1db602592cdd971d96619edd6cb73c553cd227ed381
Instruction ID: 453c0c06f7d0e47b32b84a5bb8240901068029348c9c9e637b0db1ffd4d77f17
Opcode Fuzzy Hash: 3de0d0de1f640f81009cc1db602592cdd971d96619edd6cb73c553cd227ed381
Instruction Fuzzy Hash: 44519072F011168BDB54DB69C890A6EB7F3AFC4214F2A80B4D419EB3A9DE30DD42C781

Uniqueness

Uniqueness Score: -1.00%

Function 014D9697 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.541110671.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db856cc4359d3e8423226dc8e39822c6020acc03749d5eacc332f741c8979f6
Instruction ID: 3988f9555359b32135bb4c4580d4b3ac3434e0996bc277a3167b427596ba9b98
Opcode Fuzzy Hash: 2db856cc4359d3e8423226dc8e39822c6020acc03749d5eacc332f741c8979f6
Instruction Fuzzy Hash: C8517072F015158BDB54DB69C890A6EB7F3AFC4614F2E8065E419EB3AADE30DD41C780

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exePID: 6536, Parent PID: 848COMMON

Execution Graph

Execution Coverage:	22.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	60
Total number of Limit Nodes:	6

Executed Functions

Function 04C023A0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cfb22ff658436cc75d5ebbcfc7de8bab33b81ff01b3ab7efecf2a474e7da0a8
Instruction ID: fc22198c53882e9fec134ffe3380c7565cbd4cba5d3be7c46fbebe3f69624bd5
Opcode Fuzzy Hash: 9cfb22ff658436cc75d5ebbcfc7de8bab33b81ff01b3ab7efecf2a474e7da0a8
Instruction Fuzzy Hash: 35129D30A10216CFCB24DF69C98876DBBF3BB88308F14C1B9D4169B695EB74AD46DB50

Uniqueness

Uniqueness Score: -1.00%

Function 04C02FA8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a3bf652685844b0b3902dc5fca7548790353750bef85f70174465b1866efa5b
Instruction ID: 6a8f8917f891855beac9c1abcb51db41d3190d3180997d87ad3cbb02f64d375b
Opcode Fuzzy Hash: 2a3bf652685844b0b3902dc5fca7548790353750bef85f70174465b1866efa5b
Instruction Fuzzy Hash: 6A818031F011559BD714DB69D884A6EB7F3AFC8314F29C065D819EB3A6DE30ED418B90

Uniqueness

Uniqueness Score: -1.00%

Function 04C02D58 Relevance: 2.6, Strings: 2, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 04C02E76
>_~q, xrefs: 04C02DA5

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: $>_~q
API String ID: 0-1669717660
Opcode ID: fb13c7cdd0c3209f63cf9fee954b64210ee6ae54cee7b18bb63fdf655c1f9a76
Instruction ID: c63d6379a7c3ef209f70d75d9d4266d4e7fec7f70f248f04efa009edfe588c82
Opcode Fuzzy Hash: fb13c7cdd0c3209f63cf9fee954b64210ee6ae54cee7b18bb63fdf655c1f9a76
Instruction Fuzzy Hash: 7C41C930F44255CBCB10CF66C8485AEB763EBC1316B28C4B6C425DB685D635FD42D741

Uniqueness

Uniqueness Score: -1.00%

Function 04C0068F Relevance: 2.6, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Ypq^, xrefs: 04C00702, 04C00707
Zpq^, xrefs: 04C006A1, 04C006A6

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: Zpq^$Ypq^
API String ID: 0-3993173262
Opcode ID: b11d6f2667ef4d40abdfb967febb554a557abee1d86ec58067d271ada9654ef9
Instruction ID: 120e00c4ba52be66cb349e49fd96d7f5c7fee33666c298ac7a8013ee36c43b34
Opcode Fuzzy Hash: b11d6f2667ef4d40abdfb967febb554a557abee1d86ec58067d271ada9654ef9
Instruction Fuzzy Hash: 7B415934218200CBD728AB39EC9D76D3B62BF847097158628F407C7AB5DF345D43AB92

Uniqueness

Uniqueness Score: -1.00%

Function 04C03970 Relevance: 1.9, Strings: 1, Instructions: 639
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_~q, xrefs: 04C03F9D

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: >_~q
API String ID: 0-3236834513
Opcode ID: 31d6832b719147991be2ba52e211f58a30c0f0d487ade3a0276656cf48a010e1
Instruction ID: fe92ee13079e6898d2cad29968ac43484002ebdf305452f951e8e1d40d729862
Opcode Fuzzy Hash: 31d6832b719147991be2ba52e211f58a30c0f0d487ade3a0276656cf48a010e1
Instruction Fuzzy Hash: 5032A071A00245CFCB15CF98C8849AAFBB2FF84314B19C5A6D8099F2A6D731FD42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04D201F4 Relevance: 1.6, APIs: 1, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.298723563.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4d20000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aed646a6376ed32f442dce211c04debe698fcc0d017e23ef5c1be558f95dd24
Instruction ID: fc7810fd53600f13406460661385c71101a3042eaa10cde35562ceaef311502a
Opcode Fuzzy Hash: 0aed646a6376ed32f442dce211c04debe698fcc0d017e23ef5c1be558f95dd24
Instruction Fuzzy Hash: 8941A2715057809FE712CF25DD85B56BFE8EF16324F0884ABED84DF292D274A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AA02 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00C1AAB1

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a4ca5593e26f2273bbcb680806a9512766f6f9acac0b1bfadd6defc8ae2c00e0
Instruction ID: a170d973ca20ea13cdaefd33444360c3859e73c7bc294f5c56b951296dcaa0aa
Opcode Fuzzy Hash: a4ca5593e26f2273bbcb680806a9512766f6f9acac0b1bfadd6defc8ae2c00e0
Instruction Fuzzy Hash: 0C31B1725443846FE7228B25CC45FA7BFECEF06310F0889AAED819B152D264E949DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AAF9 Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1FE95161,00000000,00000000,00000000,00000000), ref: 00C1ABB4

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b098be0bca0aad9e7764114e53b78bc50654b6b63989fa19966b851986d43558
Instruction ID: 3a16a006a38b5a8319d550161aecb10d187c9eb2adab9d184b9d21e048500e05
Opcode Fuzzy Hash: b098be0bca0aad9e7764114e53b78bc50654b6b63989fa19966b851986d43558
Instruction Fuzzy Hash: 433191711093846FE722CB25CC84FA6BFFCEF06310F18849AE9859B193D264E949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04D200F6 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 04D2019D

Memory Dump Source

Source File: 00000003.00000002.298723563.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4d20000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: d56279be3e6cd68b0f927c716e0ba43b6486c8ad9a1251ca5441553456e62534
Instruction ID: 7e52a84bff8ecfb9aeebae4aab2dfff855b4998d7e59ba930b08b220d92f5486
Opcode Fuzzy Hash: d56279be3e6cd68b0f927c716e0ba43b6486c8ad9a1251ca5441553456e62534
Instruction Fuzzy Hash: 1431AF715097806FE712CF25DC84B56FFE8EF06310F08849AE984DB292D325E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AA32 Relevance: 1.6, APIs: 1, Instructions: 74
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00C1AAB1

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: add7035acebb5b0fea522e592390969de344e918be94b5b07da0231342a8e8fe
Instruction ID: 42538ed032a3796e8afe1d73490a59680dd2a7eca99728dee49b8f67dbdf3942
Opcode Fuzzy Hash: add7035acebb5b0fea522e592390969de344e918be94b5b07da0231342a8e8fe
Instruction Fuzzy Hash: DE219F72500204AEE7219A15CD84FABFBECEF04710F18895AED459B241D674E949DF72

Uniqueness

Uniqueness Score: -1.00%

Function 04D2012A Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 04D2019D

Memory Dump Source

Source File: 00000003.00000002.298723563.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4d20000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 77531f1683c8b5d22154da40416b51018eeab9b8e109972bb2a2480b54e0e5fe
Instruction ID: a9c6c7f2fa8068d7bcb53989b4f865f49df63222c52eda040b1d1d5b28e14789
Opcode Fuzzy Hash: 77531f1683c8b5d22154da40416b51018eeab9b8e109972bb2a2480b54e0e5fe
Instruction Fuzzy Hash: 74219271604240AFE722DF25DD45B6AFBE8EF04314F04846AEE85DB242E775F504CA75

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AB3A Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1FE95161,00000000,00000000,00000000,00000000), ref: 00C1ABB4

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7926eae1fe5deefbb04906a310dd384378d54f24bbe6af48b29dc130b9747ef8
Instruction ID: 669bb8c4e3f09ee1e82680a6dc1b61f8ef18bcd3f3f68c361c3166c78eee73c7
Opcode Fuzzy Hash: 7926eae1fe5deefbb04906a310dd384378d54f24bbe6af48b29dc130b9747ef8
Instruction Fuzzy Hash: 57219071605244AFE721CF25CC80FA6FBECEF05710F1884AAED459B251D260E948DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AF69 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00C1AFEA

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: aa465c260ddba7f1a5043ce5b6583ff5b7bfcc0268a29181705d7c13fbc0ae71
Instruction ID: bd276afae44bedfe61c01f147d46319b2132d3469d1d7b5782c0046b328e6ebe
Opcode Fuzzy Hash: aa465c260ddba7f1a5043ce5b6583ff5b7bfcc0268a29181705d7c13fbc0ae71
Instruction Fuzzy Hash: 41110871505740BFD7128B16CC41F76FFB8EB86A20F19819AED488B642D225B915CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00C1B7CA Relevance: 1.6, APIs: 1, Instructions: 61
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 00C1B841

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d95853bb3f5497ffd9cdf2b856a83940f82ff5c80a15a4c032abdef30fc5d6c3
Instruction ID: 6e23dd9796ab3d06a96eba60f0e0850dfaa3077757ba2d3c06505dbac93a0b1e
Opcode Fuzzy Hash: d95853bb3f5497ffd9cdf2b856a83940f82ff5c80a15a4c032abdef30fc5d6c3
Instruction Fuzzy Hash: F6218C724097C09FEB128B21DC50AA2BFB4EF17324F0D84DAEDC44F163D265A958DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A51F Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C1A58A

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d2c88ad008e61702be8130f29dae29491a3913ae11af32c38bb3ac207ac80338
Instruction ID: 74d98286c3533ef97682124a62c4157c9aa66dd28474871efc50ff2203380cb8
Opcode Fuzzy Hash: d2c88ad008e61702be8130f29dae29491a3913ae11af32c38bb3ac207ac80338
Instruction Fuzzy Hash: 99117271409780AFDB228F55DC44A62FFF4EF4A320F0884DAED858B163C275A518DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BB4F Relevance: 1.6, APIs: 1, Instructions: 59
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 00C1BBB9

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b21e0cc26040ec1b4cde03b4d8f4f2cfb71676d2d9c8ab1bcf5dc01f878e8073
Instruction ID: 4f8b4fbb31a30833ad97f5d9cd29597d1510ae8ffc0f4360e1a90bb07f0e33fd
Opcode Fuzzy Hash: b21e0cc26040ec1b4cde03b4d8f4f2cfb71676d2d9c8ab1bcf5dc01f878e8073
Instruction Fuzzy Hash: C811EE31009380AFDB228F21CC85B52FFB4EF06220F0884DEED858B563C265A848DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BE05 Relevance: 1.6, APIs: 1, Instructions: 58
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DispatchMessageW.USER32(?), ref: 00C1BE70

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: ac01261ae7a3fb7458bd8208c7f5d3c0cd2be529ffa515b2e5b38bcf71ed366d
Instruction ID: 0b916b5371f288705ba0c89d5d89c56b8e8e07931f066213153f58df13b2ca3e
Opcode Fuzzy Hash: ac01261ae7a3fb7458bd8208c7f5d3c0cd2be529ffa515b2e5b38bcf71ed366d
Instruction Fuzzy Hash: 3F11AF714093C09FDB138B258C84761BFB4EF47624F0980DBDD844F263D2695948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1B71E Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 00C1B78A

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 0fa67bc50fe66b05ccbb9dc49aa8d60efa3c5d18321d13a917adaf44495d43db
Instruction ID: e5ad3f1d27fbac8d71f701f8563e0736e51bf1332f83f22a7ff7111bd34f1ae1
Opcode Fuzzy Hash: 0fa67bc50fe66b05ccbb9dc49aa8d60efa3c5d18321d13a917adaf44495d43db
Instruction Fuzzy Hash: 761190314043809FCB228F55DC84A92FFF4EF4A320F09849EE9858B562C379A458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BEB4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?), ref: 00C1BF0C

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 57aa41742df54610a2983f5fcef700c0228f22cf0dfa09c90e9e5a50c49ebb0a
Instruction ID: 174dc822ec2ddac15c97dce588f8999960773ff1c0f127388499393dc7672475
Opcode Fuzzy Hash: 57aa41742df54610a2983f5fcef700c0228f22cf0dfa09c90e9e5a50c49ebb0a
Instruction Fuzzy Hash: 90118F715053809FD711CF65DC85B96BFE8EF46220F0884EAED45CB256D278A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A75B Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00C1A7BC

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c6bb38067d88a9643bf882be495d5c7da85fbecfe31852becfea4d2c0c55c983
Instruction ID: 521b1b5c63c1bbe07cdcb43557f3649e56f86bc218d1b8f32c2dca3ef31f8668
Opcode Fuzzy Hash: c6bb38067d88a9643bf882be495d5c7da85fbecfe31852becfea4d2c0c55c983
Instruction Fuzzy Hash: C4118F714493849FD712CF15DC85B92BFB4EF46220F0984EBED458F253D279A948CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00C1A926

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: d29ecd32fdee43daae328666f4db0c174ab80cbdc349dbc9eab46a3a652fab9a
Instruction ID: f7f5bedd81e41900ecbe575769f5bd9c71194b7fb23c4aa38c6bd865185fde79
Opcode Fuzzy Hash: d29ecd32fdee43daae328666f4db0c174ab80cbdc349dbc9eab46a3a652fab9a
Instruction Fuzzy Hash: 2E117C314097849FD7228F15DC85A52FFB4EF46320F09C4DAED854B262C279A958DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BED2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?), ref: 00C1BF0C

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: fc22dcf4da0a7c3b446bdc911adb1e35ee2848f064dd62b33cf8c6427e5aabd2
Instruction ID: 42525e939859f4fbf44acc2c9f7137a2c659b36f8c079839eaecb187033fe6a8
Opcode Fuzzy Hash: fc22dcf4da0a7c3b446bdc911adb1e35ee2848f064dd62b33cf8c6427e5aabd2
Instruction Fuzzy Hash: 85019E756002408FDB20CF6ADC857A6FBD8EF01320F18C4AAED49CB646D374E949DE61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C1A58A

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 75a095e2bd33dcd2df560dc088d94a4365f5a5d680c682ad7d3ad2176430f55e
Instruction ID: 3c6bfdd7918caf3c81ae3e7828c3e98eddae74d66370c92e2b1789c24b88fda1
Opcode Fuzzy Hash: 75a095e2bd33dcd2df560dc088d94a4365f5a5d680c682ad7d3ad2176430f55e
Instruction Fuzzy Hash: 4601AD314046009FDB218F55DC44B96FFE1EF48320F08C8AADD894A616C275A558EF62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1B746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 00C1B78A

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 972129a59fff49ddec0c33dfef73b8392a76dcd6f442fbae18605a2586ee8fda
Instruction ID: cb45ddf5d0bc1003ceda2e438317c635b5baea6e06db8219a1cab43e72fb00eb
Opcode Fuzzy Hash: 972129a59fff49ddec0c33dfef73b8392a76dcd6f442fbae18605a2586ee8fda
Instruction Fuzzy Hash: EB016D314006409FDB218F55DC84B96FFE0EF48320F08C8AEEE894A666D375A558EFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00C1AF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00C1AFEA

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: d583e27dcf922341ca6ab38be8e98d1e32a0fd675f041b80827a408dc5df5158
Instruction ID: 62f36af2c7e57449c4743d424107add70d94580ee87bbffef21eb86c662c84dd
Opcode Fuzzy Hash: d583e27dcf922341ca6ab38be8e98d1e32a0fd675f041b80827a408dc5df5158
Instruction Fuzzy Hash: 1D01AD71600600ABD650DF1ADC82B26FBE8FB88B20F14815AED084B741E635F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00C1BBB9

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ca2bf220970c691ee038b6843f34f02572bd4eae9f5f48d56afd4cd00dc4b3d4
Instruction ID: b28af8c38a67d973ffed94af85cd2b6711fa18225f0aff1bf8f02af7f0b97f0f
Opcode Fuzzy Hash: ca2bf220970c691ee038b6843f34f02572bd4eae9f5f48d56afd4cd00dc4b3d4
Instruction Fuzzy Hash: 7501B1355046408FDB218F16DC84BA6FBA0EF05320F08C09EED454BA66C375A958EF61

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00C1A7BC

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 58ba37607e7b4ebb5399276ef51c4dc4b06d199004d64cef680d6fc04b2aaa8d
Instruction ID: 72dad0193ea281da60cab28a84199018e96dcf6291a14588dcaf63c86b084ae8
Opcode Fuzzy Hash: 58ba37607e7b4ebb5399276ef51c4dc4b06d199004d64cef680d6fc04b2aaa8d
Instruction Fuzzy Hash: 9C01AD748012408FDB20CF16D8847A6FBE4EF45321F18C4AADD488F246D279A648DAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C1B806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00C1B841

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0fd9195192297ba3d5f3c689d5fe4996e171ec0cd4a4d590cdeebc04a7d54026
Instruction ID: 4e82fe148eaf06abdb5faf5cc6f251da3c26557249953c09af295265411d21a8
Opcode Fuzzy Hash: 0fd9195192297ba3d5f3c689d5fe4996e171ec0cd4a4d590cdeebc04a7d54026
Instruction Fuzzy Hash: F1018F31400640DFEB218F16DC84BA5FFA4EF09721F08C49ADD854B266D375A959EF62

Uniqueness

Uniqueness Score: -1.00%

Function 00C1A8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00C1A926

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 5c14c48a33cacc137bc3c9d86f2de5fa464b5f2a6a3976c3c8eda21ee5ce6cf6
Instruction ID: eb3ef01af90fe1e700447caf02767abfe475ca9bbc0f0e20eb69318b01b4a8f7
Opcode Fuzzy Hash: 5c14c48a33cacc137bc3c9d86f2de5fa464b5f2a6a3976c3c8eda21ee5ce6cf6
Instruction Fuzzy Hash: F101AD314016408FDB208F16D885792FFA0EF05321F08C4AADD860B256C275A988EB72

Uniqueness

Uniqueness Score: -1.00%

Function 00C1BE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 00C1BE70

Memory Dump Source

Source File: 00000003.00000002.298149341.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c1a000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: a568a6a31d46f5e544f26494165d727460018ff461d1ceef69fc9b2a4b9928ba
Instruction ID: c293f809d5831ae4af1f546bb673ec0e4b2f73d950065e7290aa7f1c508b2ba1
Opcode Fuzzy Hash: a568a6a31d46f5e544f26494165d727460018ff461d1ceef69fc9b2a4b9928ba
Instruction Fuzzy Hash: F9F0AF359046408FDB208F06D8847A5FFA0EF05321F18C4AADE494B256D3B9A948DEA2

Uniqueness

Uniqueness Score: -1.00%

Function 04C002E8 Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

:@yq, xrefs: 04C00537

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: :@yq
API String ID: 0-397920524
Opcode ID: f49727d1dc09d3d4a23bc1ddd645c17e8d7ee0ec4bb017c8ab2c5c60194dfd7a
Instruction ID: e4864d80bd558bd365d0924b8fe3272af4b19745a814372f6f2aa9c183c09833
Opcode Fuzzy Hash: f49727d1dc09d3d4a23bc1ddd645c17e8d7ee0ec4bb017c8ab2c5c60194dfd7a
Instruction Fuzzy Hash: E751C134B042058FCB19DF6AE4507AE7BF3AF89300F198069D446AB3A2DA31AD01DB56

Uniqueness

Uniqueness Score: -1.00%

Function 04C021F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 04C0230F

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 720a7e963f3f267d2fffdf5966c382eb84505fb0da9363ca1d82915c6d00c03c
Instruction ID: f3061363ab8f245c51b0ef6212923129b236b9ae0074adf1b8183dfe3ec8cf28
Opcode Fuzzy Hash: 720a7e963f3f267d2fffdf5966c382eb84505fb0da9363ca1d82915c6d00c03c
Instruction Fuzzy Hash: D0410830E08209DFCB54DBA5C5496BEBBB2BB44310F14C4AAD402A76A1E735AE46DF52

Uniqueness

Uniqueness Score: -1.00%

Function 04C012A0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c424d59ea48dcd7b26eccb2b9ab736bd85654ecbae42883933be75d25a68d41
Instruction ID: 80e6245b6a674608ab8ef3c1d20b6811d1803707538979acb3a3bbeeccdd8512
Opcode Fuzzy Hash: 8c424d59ea48dcd7b26eccb2b9ab736bd85654ecbae42883933be75d25a68d41
Instruction Fuzzy Hash: 33220478A00605CFC724DF29C580A6AF7F2BF88308B54C599E85A9B756DB31BD86CF41

Uniqueness

Uniqueness Score: -1.00%

Function 04C009A5 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067dc8ae269a6723982fea1544f5336f6eb5666de1ec17557d5925bb6da05269
Instruction ID: 541f17874132d5965757e3926acd8ffd4fef9e1e9152fd7f8b5a858f32d6d1a4
Opcode Fuzzy Hash: 067dc8ae269a6723982fea1544f5336f6eb5666de1ec17557d5925bb6da05269
Instruction Fuzzy Hash: 0751E331B04255DFCB149B6AE894BAEB7F3FF85304F258569E446DB690DB30AD02DB80

Uniqueness

Uniqueness Score: -1.00%

Function 04C01458 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b264969956b2e6c7dc82686b5705636d450d701c74cdc86d6c25e2d0b973669
Instruction ID: 1e9e6f76bc30b93600a1b414ad918d8e428e6579dc8b905ae06420a8d204e527
Opcode Fuzzy Hash: 2b264969956b2e6c7dc82686b5705636d450d701c74cdc86d6c25e2d0b973669
Instruction Fuzzy Hash: 75513974A00218CFCB14DF64C894B9DB7B2BF49308F5480E9D40AAB765DB31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04C002E2 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8720d4ddd7e6a1170acfed4c3b710808742e8d02217d508ffe44cddb856c34a3
Instruction ID: e975f9e0aa4328531d7be36365fd656757b7d8b4a6df2e4272849b8ba2c638ed
Opcode Fuzzy Hash: 8720d4ddd7e6a1170acfed4c3b710808742e8d02217d508ffe44cddb856c34a3
Instruction Fuzzy Hash: C3318A74B002158FDB19CF6AE060BAE7BB3EF88310F168069D506AB7A1DB71AD41CB55

Uniqueness

Uniqueness Score: -1.00%

Function 04C01292 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08c660cfba04c268118a2268c8fb5d76f48dd79986f193bddecd06fe386e9551
Instruction ID: 51482696a3c6648861c5cfea99634a9e16b541a51aaa430d546d010d702cff56
Opcode Fuzzy Hash: 08c660cfba04c268118a2268c8fb5d76f48dd79986f193bddecd06fe386e9551
Instruction Fuzzy Hash: B8413B34A04219CFCB24DF69C880BADBBB2BB49304F0880D9D40EAB795DB31AD84DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04C025DE Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67fd9c8383ae1865aa590fadecbe1bebd2bbf4bec307e3df54cb6c6bb8a5fbd
Instruction ID: c3280d159e3921f9bdac2307862920a9ac6020658c12bdb014a0b076a6141f68
Opcode Fuzzy Hash: b67fd9c8383ae1865aa590fadecbe1bebd2bbf4bec307e3df54cb6c6bb8a5fbd
Instruction Fuzzy Hash: B0316130A1024ACFDB60DF65D54875EBBF3BF44314F14C1A9C0059B296DB74AA8ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 04C021F7 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a2d8c7cdd3f839c91a3e2176394e3fb578b4b16253346638686d6daf761c06
Instruction ID: 82045b395265f0840391d1479c03d826b4fa0fcc417fb3fe547d9114c304181d
Opcode Fuzzy Hash: 00a2d8c7cdd3f839c91a3e2176394e3fb578b4b16253346638686d6daf761c06
Instruction Fuzzy Hash: 78216B30E0820ADFCB54DFE5C1487BDBBB2FB45310F1485AAC402A76A1E731AE45EB42

Uniqueness

Uniqueness Score: -1.00%

Function 04C04190 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c7d3ef4df97a03e17769205ed888c3add231d31528f730e95dd48156a9324c
Instruction ID: c7d16ec2013e2319f7711c0d571d485b7d5df6e135afb2ac4ee63866f7e44f78
Opcode Fuzzy Hash: 53c7d3ef4df97a03e17769205ed888c3add231d31528f730e95dd48156a9324c
Instruction Fuzzy Hash: 53115C31B042159BDB2CF7B2D8046BF76B7AF84300F14813A9607972C0EE70A9419796

Uniqueness

Uniqueness Score: -1.00%

Function 04C011DF Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a39f077177bcdd44b44f27322a0613a386150e82e77235ceeac196dedd2a55e3
Instruction ID: 4f786b93f27f70295fbfc9dc743fdde3e990a17ffb790eccf97633b8b001b84a
Opcode Fuzzy Hash: a39f077177bcdd44b44f27322a0613a386150e82e77235ceeac196dedd2a55e3
Instruction Fuzzy Hash: E911B23530D2C08FC3069B399464979BFB6AF9730471D80EBD046CB2A7DE666C099B52

Uniqueness

Uniqueness Score: -1.00%

Function 04C00C68 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0c7cfb5742c6ce78fc4f7d5e587102d8942089588e42e90eff017c7e7423ae
Instruction ID: 0cefe25879444cb56ca77270f4f08f2c8d8db3f3f435f104617b668e110acd58
Opcode Fuzzy Hash: 4c0c7cfb5742c6ce78fc4f7d5e587102d8942089588e42e90eff017c7e7423ae
Instruction Fuzzy Hash: 3E117031300104CFC7449B2AD454BAE7BE6AFC9250B19806AE50BCF7B1DE72DC4AE792

Uniqueness

Uniqueness Score: -1.00%

Function 026B0845 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298291428.00000000026B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_26b0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a75216412290c95b9d46d6c78b1c8cdcaa96721b4736e795e0570c8c9623427
Instruction ID: e8f2c11d50458ff01a2b3d44ebfb72c84ec89b177640d8e412924c83e3c0e120
Opcode Fuzzy Hash: 7a75216412290c95b9d46d6c78b1c8cdcaa96721b4736e795e0570c8c9623427
Instruction Fuzzy Hash: 3C215B3510D3C08FD717CB20D850B56BFB1AF87604F1985EAD4858F6A3C33A985ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 026B087C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298291428.00000000026B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_26b0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a33ba3b8ca4117e1d71366cbe741863fecc6d832e894a34f0c6df47b514048
Instruction ID: c8d81ce69a987bcfa5037f5a178cc441beada1a931e9ce749712bab2910b3312
Opcode Fuzzy Hash: f7a33ba3b8ca4117e1d71366cbe741863fecc6d832e894a34f0c6df47b514048
Instruction Fuzzy Hash: 0411D230204280DFDB16DB14C940B67BF91AF88708F28C99DE9494B742C37B9843CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04C00C70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e2b75e504cc42530d64672bb181c97a0a8eaf186b6f13cf8fd55245b4cdfe43
Instruction ID: 0c4fd1b17235569fb7f19efeba4485fb972add7d9cecd0bad771a9a66ea4e6e7
Opcode Fuzzy Hash: 7e2b75e504cc42530d64672bb181c97a0a8eaf186b6f13cf8fd55245b4cdfe43
Instruction Fuzzy Hash: E3118E313001048FC7449B2AD454B6E7BD6AFC9610B29806AE50BCB7A1DE72DC0AEB92

Uniqueness

Uniqueness Score: -1.00%

Function 04C00070 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390e73908f65d8952306b3de415a55e4b64c8498a29e5a64bd8d05fbbf3fa8c7
Instruction ID: a4d7ecdc182b2738b7d8ac21d8c350a9a04d3c469583ff3be63af409efb1e71a
Opcode Fuzzy Hash: 390e73908f65d8952306b3de415a55e4b64c8498a29e5a64bd8d05fbbf3fa8c7
Instruction Fuzzy Hash: 98113A78604306DFCB08FF79E44565D3BE2FB85308F04892DA086C7A59EB709D41AB52

Uniqueness

Uniqueness Score: -1.00%

Function 04C04180 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b7e6d044cf703032c3c654d54b444a593a393dedd6e2da3fd04350f0ccdb97
Instruction ID: 197d98048b543e1cc7245286008a689a17bb054890bacf17a5e41aa9ff0711bb
Opcode Fuzzy Hash: 47b7e6d044cf703032c3c654d54b444a593a393dedd6e2da3fd04350f0ccdb97
Instruction Fuzzy Hash: FAF0783A709220DAC72C2B727C440FF7B779AE0241704C03BC70A86680F632E0168B99

Uniqueness

Uniqueness Score: -1.00%

Function 04C01209 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e354f72ba8ebea5a0d8aa185cff115d528182df168d821b49b0cf6b3a525d0
Instruction ID: ec9dd61f8d346049607c5657a922a0228a91c8610ba59f7d7d11a05157b00a07
Opcode Fuzzy Hash: 59e354f72ba8ebea5a0d8aa185cff115d528182df168d821b49b0cf6b3a525d0
Instruction Fuzzy Hash: B60175343081408FC708976DD0948B9BBE6AF9670471D81EAE006CB6B6DF725C099B42

Uniqueness

Uniqueness Score: -1.00%

Function 04C005C7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be539f685ef650b70ec706191949d9e9876dc24555de01906a819c116d16bf42
Instruction ID: 35c22e4a09bda6c495bbdedeabc0ee6da34c23fb75288fa7c0f8caa009fb6075
Opcode Fuzzy Hash: be539f685ef650b70ec706191949d9e9876dc24555de01906a819c116d16bf42
Instruction Fuzzy Hash: C7F090307001200FCA096A7E64166BF5A8B9BC9A44728842FF90BEB3C5CD65AD4363D6

Uniqueness

Uniqueness Score: -1.00%

Function 04C005C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c49c42d6085a983f403cca4788f398a3860c855e5ead9d991e57eaaa3423afa
Instruction ID: 77be2c1eaf8454025487e10b6308de1b65082cea8be0791f2ce9c4582ccd5609
Opcode Fuzzy Hash: 3c49c42d6085a983f403cca4788f398a3860c855e5ead9d991e57eaaa3423afa
Instruction Fuzzy Hash: 9CF0B4307001200BCA087A7E64166BF5A8FDBC9A44718842FF90ADB3C5DD75AD4323E7

Uniqueness

Uniqueness Score: -1.00%

Function 04C0239F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e23345175f0fa7551b0b0f8c1b9680dc94ea1b031571e207df81eadfa96ed9
Instruction ID: 7eccfd4f1d62b2e683f5a349afbef1211a4580caac741c775d3efb8652b295b7
Opcode Fuzzy Hash: b6e23345175f0fa7551b0b0f8c1b9680dc94ea1b031571e207df81eadfa96ed9
Instruction Fuzzy Hash: 12115270E04259CFCB248F95D548AADBFB2AB44304F1480AED506A7784EB702D45DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04C00910 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fa5c5a68bc6c2ce8f443137511462c8bbb4d37b30cd4be96edb0541133757d
Instruction ID: 596c51f1a5afdcf1d2981c04dec1d66bd856617fc9a5da41dc1b69611df09220
Opcode Fuzzy Hash: d8fa5c5a68bc6c2ce8f443137511462c8bbb4d37b30cd4be96edb0541133757d
Instruction Fuzzy Hash: 70012B31B182088BD7205AB77480BBFB7A76B8022071AC62BC90753280DAB058039691

Uniqueness

Uniqueness Score: -1.00%

Function 026B05CF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298291428.00000000026B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_26b0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe1570328cb02689360197af2f7793329c3ef6af27202047dd7b62435d6db6b8
Instruction ID: c565165eac63e22d72c1a69da35d3e6bd74ba17b0610097e838e515dc730c9b9
Opcode Fuzzy Hash: fe1570328cb02689360197af2f7793329c3ef6af27202047dd7b62435d6db6b8
Instruction Fuzzy Hash: C2018B7550D7806FD7128B16DC41863FFB8EF86520719C5DFEC498B613D129A909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04C01218 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c14bbed1144ff2c9b6d3143d418a39afb924340154e6aba19d7d180a9ebf4cf
Instruction ID: a81ae34def915d4a781563f86127f51f2f26adeda341f16763f2123f9a89d85f
Opcode Fuzzy Hash: 1c14bbed1144ff2c9b6d3143d418a39afb924340154e6aba19d7d180a9ebf4cf
Instruction Fuzzy Hash: 30013134304110CBC608AB2ED058979B7EBBFD970472981AAE406CB7B5DF72AD099782

Uniqueness

Uniqueness Score: -1.00%

Function 04C011BA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee68a7bbf8d1d6d48c22d22b5d70260a90704470d6864c0c3fb5e9c797ba6366
Instruction ID: 0bee98c799d8c36c7e66f5622f68c265ef36a71c81b94c7122929dac21814684
Opcode Fuzzy Hash: ee68a7bbf8d1d6d48c22d22b5d70260a90704470d6864c0c3fb5e9c797ba6366
Instruction Fuzzy Hash: 2FF03C34318100CBC708AB6DD098979B7E7AF95304B1DC0AAE406CB6B6DF72AE099B41

Uniqueness

Uniqueness Score: -1.00%

Function 04C00918 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a855430df846328b1c1ad7db33dedf8459c331ca9aff176e5d5a3260d633c3
Instruction ID: 8a0d2aeaf79a702c703a860f076571d913c0df238197cbbc70a862cffebad706
Opcode Fuzzy Hash: a8a855430df846328b1c1ad7db33dedf8459c331ca9aff176e5d5a3260d633c3
Instruction Fuzzy Hash: 1FE0EC31B15218D7971055F7B8007AFB79A9785260F06C5379E0B93280F97069165292

Uniqueness

Uniqueness Score: -1.00%

Function 026B0938 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298291428.00000000026B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_26b0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction ID: 33b49f36948239ea9c280cb0140609defaf357c8c18dcce6088d6ca8a126086e
Opcode Fuzzy Hash: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction Fuzzy Hash: 84F01D35108644DFC706DF00D540B56FBA2EB89718F24C6ADE9490B752C337E813DB81

Uniqueness

Uniqueness Score: -1.00%

Function 026B05F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298291428.00000000026B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_26b0000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eec15a4f64380a306163e4b1b34a0735743c4de0e142c7bcbb8c8efcb86874ab
Instruction ID: 441af3c055ea48f40f38b65f1ed74de7df6ffd74616f1f58a2118ea09e8c47fc
Opcode Fuzzy Hash: eec15a4f64380a306163e4b1b34a0735743c4de0e142c7bcbb8c8efcb86874ab
Instruction Fuzzy Hash: 81E092766446004BD654CF0BEC81466F7D8EB84630B18C07FDC0D8B701D539B505CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 00C123F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298144667.0000000000C12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C12000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c12000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5d6ab6cd9588c42e53093e748147a6a9897a8112cf06ee23c0696a10416ed18
Instruction ID: d942487d848369e149969a9894e320ea378cf5ab5f9c267a2b1078611bc4d029
Opcode Fuzzy Hash: c5d6ab6cd9588c42e53093e748147a6a9897a8112cf06ee23c0696a10416ed18
Instruction Fuzzy Hash: 13D05E79205A814FD3268A1CC1A8F993BD4AF53B04F4644F9E8008B663C369EAD1E200

Uniqueness

Uniqueness Score: -1.00%

Function 00C123BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298144667.0000000000C12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C12000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c12000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a9ddd58994fff99f3719323c7061871205281daaf7a1310ea1a349a2a08dfa
Instruction ID: 5e8d11eaed1f4b32391f6ebd9a1e2d52fb9d9aa446d359d6003db459c7b5e316
Opcode Fuzzy Hash: 40a9ddd58994fff99f3719323c7061871205281daaf7a1310ea1a349a2a08dfa
Instruction Fuzzy Hash: 45D05E382002814FC725DB0CC194F9937D8AB42B00F4644E8AC208B272C7A9DDD1E600

Uniqueness

Uniqueness Score: -1.00%

Function 04C02CF0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82719d29c0a7cbf39f46f7a79bfbd8c0abcc0b20a4928b313bec51a45d8ee95
Instruction ID: 540c8b0b373af22d76e659afa81240ce78e59440f260f113c764f42bd5fa7072
Opcode Fuzzy Hash: c82719d29c0a7cbf39f46f7a79bfbd8c0abcc0b20a4928b313bec51a45d8ee95
Instruction Fuzzy Hash: CBD0C974604305CBCB08EB78A488A2CB7E2EB85304B148459914BC7A95EB309C40B712

Uniqueness

Uniqueness Score: -1.00%

Function 04C00180 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcb065215488ba83cdda3fe2b8d007b28d87148a6bd7cd3d76a15d5e7ec2991
Instruction ID: 1db3ff1919ec7ca2a6aa13c0f33e0abaec85a855d769894ac67c3b517f548e07
Opcode Fuzzy Hash: dbcb065215488ba83cdda3fe2b8d007b28d87148a6bd7cd3d76a15d5e7ec2991
Instruction Fuzzy Hash: C6D01234210304CFCB182B74E41D61C37A6AF88309300087DE80787B50DF36E841CA10

Uniqueness

Uniqueness Score: -1.00%

Function 04C021BC Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 671b41aaa1b334cbf784f86cbaa9b3de36989e944ea0cf28f782fe8ca4b0d5d0
Instruction ID: d05eb36791d4ab726fc3bb64997b18c30039523385a0ae3dbe1378ea9b87da3a
Opcode Fuzzy Hash: 671b41aaa1b334cbf784f86cbaa9b3de36989e944ea0cf28f782fe8ca4b0d5d0
Instruction Fuzzy Hash: CBD02238208204DBCF14EF28C8C88383BE3FF883087198888D48387A84E7301C91AA01

Uniqueness

Uniqueness Score: -1.00%

Function 04C0017F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e174517fb1079bb0f595849eef49a9ac4a83155e39032666e630b5230b3e174
Instruction ID: 117f300809106c0ee9819baa04a1ac6b1d3c9bc96085f85a82096254369087bb
Opcode Fuzzy Hash: 9e174517fb1079bb0f595849eef49a9ac4a83155e39032666e630b5230b3e174
Instruction Fuzzy Hash: 9DD0C938245244CFCB296B70A41961C3B62AF99209310097DE807C7B60DA76C842CA00

Uniqueness

Uniqueness Score: -1.00%

Function 04C02EC0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f0a9e12cfdd9a76fb6fe4f72ec9fea33b6ae6b92a3c5d3570d4b21ea11d59a
Instruction ID: df2a3eda19dfe128bc73c7540ea3d7cff228bcff33c518d6d8d4a233c69e9b24
Opcode Fuzzy Hash: f1f0a9e12cfdd9a76fb6fe4f72ec9fea33b6ae6b92a3c5d3570d4b21ea11d59a
Instruction Fuzzy Hash: A0B092312A42090BEB609BB67848BAA338C978061AF4400A1B81CC5940E556E8E12140

Uniqueness

Uniqueness Score: -1.00%

Function 04C002B1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e7049dabf481b15114fa133fa177c8190ca35237b449855ba132f1a8a12e00
Instruction ID: 016fc399312615ba9a0244a749fc8d1d63bb49104f8083c9965928561e4bc93c
Opcode Fuzzy Hash: e4e7049dabf481b15114fa133fa177c8190ca35237b449855ba132f1a8a12e00
Instruction Fuzzy Hash: 49C01231304614C78264D709F540DA577A2FB84700745CD1DE057D7958DB70BD018750

Uniqueness

Uniqueness Score: -1.00%

Function 04C02D2F Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eabec6d67500788f94f75c89298910d1cba320bff36d5fbde35ba2ca030d04d1
Instruction ID: 2707378ef55455380c47e69f1618413dab3bb2ec66dc1dbf28ee18ed08f2d4e0
Opcode Fuzzy Hash: eabec6d67500788f94f75c89298910d1cba320bff36d5fbde35ba2ca030d04d1
Instruction Fuzzy Hash: 01C04C3478D344EAD76403567C2DFB87A12971C701E5C85C6A10B594E9A1916D01E502

Uniqueness

Uniqueness Score: -1.00%

Function 04C02D30 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b393b88e55dee5368bfaa3398e909f85da9d58d577012ca1e33ff17860d487d
Instruction ID: 5b4b17a7e422cd0bc8c6a7075309ff53636c6c160bb63d9af17907837376b5f4
Opcode Fuzzy Hash: 2b393b88e55dee5368bfaa3398e909f85da9d58d577012ca1e33ff17860d487d
Instruction Fuzzy Hash: 98C0923438C708E7E6A41387BC1EF78721A970CB02E9C88C2A20F184E87591BD10E057

Uniqueness

Uniqueness Score: -1.00%

Function 04C0065F Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84530695a7b607a9c2ad83abe8ad62d522ceb820d2bc195ced01ba09d1436cf9
Instruction ID: 22505f60c1a82cbaf33ef94114a35baaa3af90bd0e3282fd5ee7bafa914c8453
Opcode Fuzzy Hash: 84530695a7b607a9c2ad83abe8ad62d522ceb820d2bc195ced01ba09d1436cf9
Instruction Fuzzy Hash: BAC08C7018E180CDC3244B732809A6D7F135AE1201318C93ED80721461C9732152AD01

Uniqueness

Uniqueness Score: -1.00%

Function 04C00660 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.298699137.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c00000_8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 577c914b0a7b8e8d6f1e0174ce7cf37d222e625879caf9aa39c47596b43c5a7a
Instruction ID: 3f5928c544cd54dd52bfb053d0ee00574c435c0ddb0342123024e43dc0fb39b2
Opcode Fuzzy Hash: 577c914b0a7b8e8d6f1e0174ce7cf37d222e625879caf9aa39c47596b43c5a7a
Instruction Fuzzy Hash: C9C02B7014A204CEC2141B733C0D73D760F5AC0301304C8369C06100209D337462B811

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dhcpmon.exePID: 6776, Parent PID: 848COMMON

Execution Graph

Execution Coverage:	27.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 05583850 Relevance: 2.0, Strings: 1, Instructions: 762
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_~q, xrefs: 05583F9D

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID: >_~q
API String ID: 0-3236834513
Opcode ID: 3706b30d722341248d1d5ca3b7349e42411eb08c4a3a2b746e115e7a729a16a4
Instruction ID: 17a09c761ff9ee1a8e6fa52f1a44e01577f064369c45279f52f40e91895c93d9
Opcode Fuzzy Hash: 3706b30d722341248d1d5ca3b7349e42411eb08c4a3a2b746e115e7a729a16a4
Instruction Fuzzy Hash: D252E471A04206CFCB15DF58C88497AFBB2FF85710B16C9AAD819AF216D771ED42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 055823A0 Relevance: .5, Instructions: 505
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0085965d0e4aedaee984d65aa6fa0b9b05cf888c5a512e5742af3b6ac3723985
Instruction ID: 66c03bee9c3c43989a69a2e9fb5aebc03a028a00f17635c2bb377b79f94df541
Opcode Fuzzy Hash: 0085965d0e4aedaee984d65aa6fa0b9b05cf888c5a512e5742af3b6ac3723985
Instruction Fuzzy Hash: 5112AB78A04215CFDB28EF29C48467DBBF2FF88304F54856DD416EB264DB749846CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05582FA8 Relevance: .2, Instructions: 239
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c38b5792a6de3d6f54b12ac6e98bb1a77686441366db767e494c7a3abe3c01
Instruction ID: 22b03f61883224cc63fde0e7c0c71519580c4ec37d76820b08f12fd2bd7366cf
Opcode Fuzzy Hash: c9c38b5792a6de3d6f54b12ac6e98bb1a77686441366db767e494c7a3abe3c01
Instruction Fuzzy Hash: 9B818F31F011159BDB14EBA9D880A6EB7F3BFC4714F2A8868D41AEB355DE30ED028791

Uniqueness

Uniqueness Score: -1.00%

Function 05582D58 Relevance: 2.6, Strings: 2, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_~q, xrefs: 05582DA5
, xrefs: 05582E76

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID: $>_~q
API String ID: 0-1669717660
Opcode ID: ccc594300c98fba463512c77ecd2be46cfa8b68f2aa20f870c8150f0ce04a08e
Instruction ID: 6d13117f8f7d6ffc638f6042b70c81e2279d9b3ceca245f6a6b44f6ce200c782
Opcode Fuzzy Hash: ccc594300c98fba463512c77ecd2be46cfa8b68f2aa20f870c8150f0ce04a08e
Instruction Fuzzy Hash: 7E41A278F041159BCB24EF65C8849BEBFA3FBC0315F14C876C516AB605C635E8428B96

Uniqueness

Uniqueness Score: -1.00%

Function 056B00F6 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 056B019D

Memory Dump Source

Source File: 00000009.00000002.313703015.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_56b0000_dhcpmon.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 0d0d306ab0973bb7b24292148f866f66190acbdc06ae443b2a3d18f7bfe48d80
Instruction ID: e9b82f93bf64d72989b53f8db39099bb7d3ae241a61606ba809b8afa479e8034
Opcode Fuzzy Hash: 0d0d306ab0973bb7b24292148f866f66190acbdc06ae443b2a3d18f7bfe48d80
Instruction Fuzzy Hash: 083193B15097806FE712CB65DC45F96FFE8EF06210F08849AE985CB292D375E909C761

Uniqueness

Uniqueness Score: -1.00%

Function 056B012A Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 056B019D

Memory Dump Source

Source File: 00000009.00000002.313703015.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_56b0000_dhcpmon.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 18203a3395c23cc8ace930703eb22ac1b6d4bcc50fac281e3c7a8193cdb8e035
Instruction ID: 4e47c7979fd6d9509e689df86f27700506d8ebc3987cd9281a816497fb19cf8d
Opcode Fuzzy Hash: 18203a3395c23cc8ace930703eb22ac1b6d4bcc50fac281e3c7a8193cdb8e035
Instruction Fuzzy Hash: E921AF71504240AFE725DF65DC49BAAFFE8EF04220F04846AE9498B641D2B1E545CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055802E8 Relevance: 1.5, Strings: 1, Instructions: 221
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@yq, xrefs: 05580537

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID: :@yq
API String ID: 0-397920524
Opcode ID: 3bc2fc9c4a7151aa0a58a1153a5ec074ca8370ae79aadc0f4cf4aed34421a6a8
Instruction ID: 34c32d4e095a53136158f65a1f65c9737e67ef3dece53b4c9124a552ca2f305a
Opcode Fuzzy Hash: 3bc2fc9c4a7151aa0a58a1153a5ec074ca8370ae79aadc0f4cf4aed34421a6a8
Instruction Fuzzy Hash: 26718330B042058FDB19EB69C454A7E7BE3FFC9710F15846ED506AB3A1DE35AC068B92

Uniqueness

Uniqueness Score: -1.00%

Function 055821F8 Relevance: 1.3, Strings: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r*+, xrefs: 0558230F

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 5f22452228cef4298830d91e365c61947eb7eb80014f122e250a5ac4c1632b7c
Instruction ID: d80231efed1e23dc342ff181065b4fa6ae7cb4a15b40ebf4bd506bd845981766
Opcode Fuzzy Hash: 5f22452228cef4298830d91e365c61947eb7eb80014f122e250a5ac4c1632b7c
Instruction Fuzzy Hash: 7141F634E08209DFCB58EFE5C1956BEBBB2FB44300F5084AAD403A7264DB359A45CF92

Uniqueness

Uniqueness Score: -1.00%

Function 02F40858 Relevance: 1.3, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:h, xrefs: 02F40868

Memory Dump Source

Source File: 00000009.00000002.312271605.0000000002F40000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f40000_dhcpmon.jbxd

Similarity

API ID:
String ID: :h
API String ID: 0-4130776765
Opcode ID: bbc2f1f57d0425a49bfa2323e4ec0308296152e4d7716dff394b039a577c7d1f
Instruction ID: 9976d846b93ca8ff897447d14fadc306d7720430ee115563862e0adbe1a3d03c
Opcode Fuzzy Hash: bbc2f1f57d0425a49bfa2323e4ec0308296152e4d7716dff394b039a577c7d1f
Instruction Fuzzy Hash: 85117C355093C08FD717CB20C860B15BFB1AB47314F2986EED9844B6A3C77A8817CB42

Uniqueness

Uniqueness Score: -1.00%

Function 055812A0 Relevance: .5, Instructions: 460
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d964efc395874f3e03bed9939de04ea7cbe9c3831f9b1bf12cc40157db0c5253
Instruction ID: 544bcf1770ee8c83fa33eaca33baefa170b574f76e26146b9f943af1c197f681
Opcode Fuzzy Hash: d964efc395874f3e03bed9939de04ea7cbe9c3831f9b1bf12cc40157db0c5253
Instruction Fuzzy Hash: B822E434A00A05CFDB24DF25C490E6AB7F2FF88304F11899AD85AAB755DB34AD86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05582BF8 Relevance: .1, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00afa3822125a175f3f4afaaa79683df1f4e4cf9ccc33e5a08dd8e72fb509cc3
Instruction ID: a9f0297a5a1c2845decb15d61c35adad43c346632074b2541285b74805d73692
Opcode Fuzzy Hash: 00afa3822125a175f3f4afaaa79683df1f4e4cf9ccc33e5a08dd8e72fb509cc3
Instruction Fuzzy Hash: 1641177860D395EFC316AB24C884979BFB6FF42315F058AABD446DB562C3249C06C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 055809A0 Relevance: .1, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7141c86061e2d3e11cc45fa0459679184bde649b2323cd3b32484aded2e836ab
Instruction ID: 02c48cdad610f1110f1bdc883071af11d66e69fd78938a8963b829474b72e0ce
Opcode Fuzzy Hash: 7141c86061e2d3e11cc45fa0459679184bde649b2323cd3b32484aded2e836ab
Instruction Fuzzy Hash: 5641A235B00205DFCB149F69D498ABDBBB2FF94301F254569E546AB2B5CB70AC06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05580BC0 Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec445248bb5b6e3e8709c993345a25bfaa0a45e02a8d1f6e07a3ddf3347c08e9
Instruction ID: d93e70478920b359323ff5cce4d9df2422e11ef40ec738feba71955839e93472
Opcode Fuzzy Hash: ec445248bb5b6e3e8709c993345a25bfaa0a45e02a8d1f6e07a3ddf3347c08e9
Instruction Fuzzy Hash: B841A7317051148FC715AF69C4186BEB7E7BF85310F1584A6E90AEF3B1CA719D0A8792

Uniqueness

Uniqueness Score: -1.00%

Function 05580681 Relevance: .1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe7b085abe40439fdd42b46255ffe0b10852ae8bc9e99592cc932cd9d2cfe63
Instruction ID: cd517a3f2164ade41cf62b59791ac5e870a16fdbb3897718ad13aa3e76906393
Opcode Fuzzy Hash: 8fe7b085abe40439fdd42b46255ffe0b10852ae8bc9e99592cc932cd9d2cfe63
Instruction Fuzzy Hash: 8B418E302052018FE7297B35E89CA7D3B67BFD0606755486AE507EB2F8DF704C468BA2

Uniqueness

Uniqueness Score: -1.00%

Function 05581458 Relevance: .1, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b807e58e027d2adc778bf8791b9bc4daa5b8ba2bfdab8b2ff25968a58a2326b7
Instruction ID: 0c3278f134b1bb83f8b09f1b6a41fc7fd674ecf18bf6858d5ab44f7ec9b062fe
Opcode Fuzzy Hash: b807e58e027d2adc778bf8791b9bc4daa5b8ba2bfdab8b2ff25968a58a2326b7
Instruction Fuzzy Hash: FC51E634A04219CFDB14DF64C894BADBBB2BF48304F5040EAD40AAB365DB75AD89CF52

Uniqueness

Uniqueness Score: -1.00%

Function 05580690 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05740c59665314c60e558e26684a6634f02f9d235e0c32fba8b0804f2d48dfa6
Instruction ID: 4c4ff5e1faf065f68665f14d1f42df4c3dd78eedf4a530d2319701db7e4b6c37
Opcode Fuzzy Hash: 05740c59665314c60e558e26684a6634f02f9d235e0c32fba8b0804f2d48dfa6
Instruction Fuzzy Hash: 07416F302052058BE7287B35E89DA6D3B67BFD06067558829F507D72F8DF708C469BA2

Uniqueness

Uniqueness Score: -1.00%

Function 055802D9 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72276d672efa6935e4406e480bde3020726b82b8a770a11c8ccf91ac04446e07
Instruction ID: 112d01ac4d9b9ddd832cd896022d140f166386e5bfd6a480943522eb2e504051
Opcode Fuzzy Hash: 72276d672efa6935e4406e480bde3020726b82b8a770a11c8ccf91ac04446e07
Instruction Fuzzy Hash: E9413C70A006059FDB18DB68C098BBE7BB3BF89310F154469D406BB3B1DB75AC498B55

Uniqueness

Uniqueness Score: -1.00%

Function 05581291 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d5b4ca563c29868aff7faaabe0cdd4efdb7b63b67da61263261d32d688fa80
Instruction ID: d83d8ef6abdf7b4460d4952ee08143ff7e52f4de6b4957f059b2bd08cff96860
Opcode Fuzzy Hash: 78d5b4ca563c29868aff7faaabe0cdd4efdb7b63b67da61263261d32d688fa80
Instruction Fuzzy Hash: 35411474E04219CFDB64EF65D890BADBBB2BF49204F0044AAD40AAB351DB309D86CF52

Uniqueness

Uniqueness Score: -1.00%

Function 055820D0 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc66128158c0faa030fb21e1a02616236aca48ed4d17588d6f1af1b354e31b50
Instruction ID: 27617dd75f38cd8e84a4b5837c690c4c7d354517b6cacb2a346b1ff30051be38
Opcode Fuzzy Hash: dc66128158c0faa030fb21e1a02616236aca48ed4d17588d6f1af1b354e31b50
Instruction Fuzzy Hash: A0315038B08245DFDB15EF68C88057E7BB6FF85300F21846AC546AB245DB30AC41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 05580006 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c216af7c26d6c636fee0c88957696293d71a6f92fce211c6daf2ab44273b8e44
Instruction ID: 39c55879fe10f8245a6bf78ae4ca18dabe04a33c6c6bfc6950f1dcc16ed241d3
Opcode Fuzzy Hash: c216af7c26d6c636fee0c88957696293d71a6f92fce211c6daf2ab44273b8e44
Instruction Fuzzy Hash: 7431703150D381CFC706EB64C8A45683FB1FF52204B4A489FD485CB2B6DB789C49DB52

Uniqueness

Uniqueness Score: -1.00%

Function 055821E8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f68839564e08cf57e782f9f6cae837ec670a573471a374157e1e0891d57c9f
Instruction ID: fddfc7b8779dd638e813521b00d336c67705fee35b801a3632a12fa146230604
Opcode Fuzzy Hash: 61f68839564e08cf57e782f9f6cae837ec670a573471a374157e1e0891d57c9f
Instruction Fuzzy Hash: 8D311834E0820ADFCB54EFE9C0456BDBFB2FB49300F5045AAC403AB2A5D7359A45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 055825DE Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a89ffc4a6ea5af7415035de4db00910d79694b792446ce829951c535dbd2acc8
Instruction ID: 66d6f9acb2c86b408f49e0cd77a349c7d9b4d894955eed906a86c9d7a4b4828b
Opcode Fuzzy Hash: a89ffc4a6ea5af7415035de4db00910d79694b792446ce829951c535dbd2acc8
Instruction Fuzzy Hash: 37314F74A04249CFDB64DF66D484769BBF2FF44314F14C569C005AB269DBB49849CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05584190 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c325d533cc0ce0dcf4a9e774e230722cba3bd5ee203cae69f9c83c295158d809
Instruction ID: f414ad740dfa8303e832357c3e3499d0bf05c162233de14f6b42c37e554e86a7
Opcode Fuzzy Hash: c325d533cc0ce0dcf4a9e774e230722cba3bd5ee203cae69f9c83c295158d809
Instruction Fuzzy Hash: F9112431B04217CBDF28FBF194045BFBABBBFD4204F51492E8807A7284DE70980087A2

Uniqueness

Uniqueness Score: -1.00%

Function 055808B1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28293bff0d67c9317f4559da448074b5858ef9e0c8c7e4606b3f6449a44313c4
Instruction ID: 8602d79867c91a30c52d1cc719ca77bb2e279955d2dd8d3d8ea5737b86495cf1
Opcode Fuzzy Hash: 28293bff0d67c9317f4559da448074b5858ef9e0c8c7e4606b3f6449a44313c4
Instruction Fuzzy Hash: E2117D31A0A3549FD310ABB554589BF7FA6BFD62207014667CC5AA72A2C9604C4BC7D1

Uniqueness

Uniqueness Score: -1.00%

Function 05580B18 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc86e5b6f7b04579574a4cf4fc64009544e75a09ccf2665cc81309cec9fd158
Instruction ID: 3a99f2c99439ae10e39d7b2e7fa5713e8c79cbd2d6c0dec0bd925a451d609ada
Opcode Fuzzy Hash: 6cc86e5b6f7b04579574a4cf4fc64009544e75a09ccf2665cc81309cec9fd158
Instruction Fuzzy Hash: 8C11C831B58166E7CB20F5758889B7E62977B5478BF194C6A8853FB1E0DA30C908C3D1

Uniqueness

Uniqueness Score: -1.00%

Function 02F4087C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.312271605.0000000002F40000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f40000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad95c7dc2aa5e4a84c9b5e36ded2ff6f00e463c2634320cbac768cd87bf54ddc
Instruction ID: 6e5098e713ead72201051aff913fe9f40893aaa269d5b4cd989118beb889d140
Opcode Fuzzy Hash: ad95c7dc2aa5e4a84c9b5e36ded2ff6f00e463c2634320cbac768cd87bf54ddc
Instruction Fuzzy Hash: 9811B435604284DFE319CB14C944F26BF91AB89708F28C99DEB494B752CFBBD813CA91

Uniqueness

Uniqueness Score: -1.00%

Function 05582390 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2d2608f68467fd67881ef088bd44d354499c4b0d05a12e2ce2e0b37cad50a7
Instruction ID: deecdf36ad1f5dae01eddcc8aae053d8d5f826f4264a413811507370fe925b60
Opcode Fuzzy Hash: 8b2d2608f68467fd67881ef088bd44d354499c4b0d05a12e2ce2e0b37cad50a7
Instruction Fuzzy Hash: A411663891824ACFCB28EFA4C450ABEBFB6FB45301F00496AC502B6351DB710842CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 055811DF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a13747a86cd2844761324971dd12bac4853c5230fef8ba89a01a69b9486be1
Instruction ID: 97d1a86a595d7cdf21815ac1d644d674eaebcd3b7e55fa03006aae06a13a16fb
Opcode Fuzzy Hash: b0a13747a86cd2844761324971dd12bac4853c5230fef8ba89a01a69b9486be1
Instruction Fuzzy Hash: 00118E3030C6808FC706EB7AD4548797FA6BF9660071945EBD047CB2B6CB669C0AC792

Uniqueness

Uniqueness Score: -1.00%

Function 055805B9 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71c4a48536cea8be8f0a2a4f187590309706fb0e17c36b1f1d714f3223a6287
Instruction ID: 6ecb37dfcadeb32c1879938845ab1d7063caeb6044b9a0f3e0a1368a02a52b8d
Opcode Fuzzy Hash: d71c4a48536cea8be8f0a2a4f187590309706fb0e17c36b1f1d714f3223a6287
Instruction Fuzzy Hash: B30144307042204FC709AA3E5461ABF1B8BEFD9544314442FE50AEB3E0CD785C0353E2

Uniqueness

Uniqueness Score: -1.00%

Function 05581209 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266cf0912468659dd049cb559068ccb87800f286e8ff2c414ae40cfb8c3fa141
Instruction ID: c3865bd76cdc89378c29ffb6331cc407436a7543c8a609223f94a3d7af927202
Opcode Fuzzy Hash: 266cf0912468659dd049cb559068ccb87800f286e8ff2c414ae40cfb8c3fa141
Instruction Fuzzy Hash: FA014830308241CFC709EB69D058979BBE6BF9660172545EBE007CB276CF758C0ACB82

Uniqueness

Uniqueness Score: -1.00%

Function 02F405CF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.312271605.0000000002F40000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f40000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d9c83c19982ae59b6d3a717f63aa68176b0fd9d4bafe36c8c32edddd1fc291
Instruction ID: ddfc0a5c223ad56dd87c693cae5173028b19ddbab4d7491f2ea39bfbaab4aa06
Opcode Fuzzy Hash: 59d9c83c19982ae59b6d3a717f63aa68176b0fd9d4bafe36c8c32edddd1fc291
Instruction Fuzzy Hash: B501A2B65083806FD7128B069C50863FFA8EF86220749C0DBEC498B612D229A904CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05581218 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce380eac49ea58ba2acb7e0a28b2a1e6c73aa19968abad9b791547502d4d6e04
Instruction ID: 3d4c459f63e7b7015a7072cb9e570e24eb5f64a9db062232d0267723d42aa1a8
Opcode Fuzzy Hash: ce380eac49ea58ba2acb7e0a28b2a1e6c73aa19968abad9b791547502d4d6e04
Instruction Fuzzy Hash: A6011D30304510CBC608EB6AD058D7AB7EBBFD5610B2545AAE507DB675CF769C0A87C2

Uniqueness

Uniqueness Score: -1.00%

Function 05580908 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e8b70b5bd471ec9e49f8435290280317752d328252a810027bad3c29289904
Instruction ID: 9f8b44a6ff1c41fc95601d64451bc7a6dec1dbe1b850ce22699fd6162c5b8679
Opcode Fuzzy Hash: 32e8b70b5bd471ec9e49f8435290280317752d328252a810027bad3c29289904
Instruction Fuzzy Hash: 0EF0E9309193448FD754AAB444195BF7BB6BB86210B1149978C57A72E1C5748C0B9792

Uniqueness

Uniqueness Score: -1.00%

Function 05580918 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f2f6da9de1b029d8beccf4efbd81e209954bc56e082b78af901d354ecd8226
Instruction ID: ac1e6dc29c1902716567565c2d42d4cf7fe02a3b53840a05dc9224e8ae126746
Opcode Fuzzy Hash: 49f2f6da9de1b029d8beccf4efbd81e209954bc56e082b78af901d354ecd8226
Instruction Fuzzy Hash: 85E0E532B162189BDB50AAF598085BFB7AAB785660F0048779D1BB32A4D970881A42D2

Uniqueness

Uniqueness Score: -1.00%

Function 05584180 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6fc29a59e1649284bc9ed74d7a1462941aefe19fd8893e13fa8aaa9559f8175
Instruction ID: 4cc15962be5193e1aef01f39779d767227e3a1219f8ec3c7b206c03385f4e8d2
Opcode Fuzzy Hash: f6fc29a59e1649284bc9ed74d7a1462941aefe19fd8893e13fa8aaa9559f8175
Instruction Fuzzy Hash: 65F02030A09347DFCF20EA7468094BEBBB9FEC2188B00087BDD07A2101E67200048B91

Uniqueness

Uniqueness Score: -1.00%

Function 02F40938 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.312271605.0000000002F40000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f40000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction ID: 106e5a66c5c3c64d7e8231a4c1141cc0be9036f8d2ceaff160b0e8dd9f984a7b
Opcode Fuzzy Hash: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction Fuzzy Hash: 95F01D35204645DFD306CF00D540F15FBA2EB89718F24C6ADEA490B752C777E813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 02F405F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.312271605.0000000002F40000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f40000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1cd62e8ab492d4822cc2385d7b583310346cce9ecd94f7f696c0e93ff87847f
Instruction ID: c5a9ae21d6ffd1d3e1f37dcc81181301a7e670fa7e5dff72d2b33c07356ea1b8
Opcode Fuzzy Hash: e1cd62e8ab492d4822cc2385d7b583310346cce9ecd94f7f696c0e93ff87847f
Instruction Fuzzy Hash: 11E09276A446044BD650CF0BEC41466F7D8EB84630718C47FDC0D8B700D535B505CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 05580650 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa3f4c10b3ce027f5c36d5a53ae7d18a6df66be92c5dbbce0a118274663fbaf2
Instruction ID: 50f5c5b840743449ec04bbb64529945a00b73d89ab3b0ee0750f750a3ad63064
Opcode Fuzzy Hash: fa3f4c10b3ce027f5c36d5a53ae7d18a6df66be92c5dbbce0a118274663fbaf2
Instruction Fuzzy Hash: 2DD05B714CD3848FC355977114291F97F729ED3211704CDABD841554A2C1372547AB52

Uniqueness

Uniqueness Score: -1.00%

Function 0558016F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31793d215f614d10ca7b4214c6a1900fc408d7bb1e2558cf7658b928c3769a99
Instruction ID: 03bf85cc8fd9f61210439b742fe3c5376da4f230de53575e1d3156f1f3664847
Opcode Fuzzy Hash: 31793d215f614d10ca7b4214c6a1900fc408d7bb1e2558cf7658b928c3769a99
Instruction Fuzzy Hash: 9FE01231541304CFDB255B75E06946C3771EF95221301477AD826C76E1DA3AC896DA11

Uniqueness

Uniqueness Score: -1.00%

Function 05582D20 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 719b9d6f52a0be50f4c1594dde2cfe61c092cbea3337d2a306897a1d34eeb91d
Instruction ID: b4409f64dce4e8cda0ae3c18aaf35d077b665be48685cb5a8e7246e078655a42
Opcode Fuzzy Hash: 719b9d6f52a0be50f4c1594dde2cfe61c092cbea3337d2a306897a1d34eeb91d
Instruction Fuzzy Hash: 42D05E7848E384AFD7599B5098697B43F31FB1B305F040D83D546AD0E7915941078752

Uniqueness

Uniqueness Score: -1.00%

Function 055802A3 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39708bfcf4b401ab62a33493b599ff4d3e99116448b8627c9d3ccdb35fed0e5
Instruction ID: d2cc21ba61d985fd9ab8ec92409ccc896c46ed869168ef7b4094574be9093979
Opcode Fuzzy Hash: f39708bfcf4b401ab62a33493b599ff4d3e99116448b8627c9d3ccdb35fed0e5
Instruction Fuzzy Hash: 3AE01730008740CFC361AB98E1A58A5BBF1FF866103018E8ED8879B9A9CB747C4BCB50

Uniqueness

Uniqueness Score: -1.00%

Function 05580180 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa9de0be80af4ac879171d04d235e452daadca1a4f330029ac68acc64b3cbf55
Instruction ID: 7be6388979490aac4798b6efb20db4d764bab46570e3ad474712e69cbd2de065
Opcode Fuzzy Hash: aa9de0be80af4ac879171d04d235e452daadca1a4f330029ac68acc64b3cbf55
Instruction Fuzzy Hash: 69D01234200304CFCB282FB0E06D42C37AAAB88206301087DE80A87764EF3AE8A1CB00

Uniqueness

Uniqueness Score: -1.00%

Function 05582D30 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46124d19a1e16f1ccbb87ee82eec79c980975fdbc3c84853b879ddf047a9c317
Instruction ID: 6c3137cff1025dddb70793133f4970d9e7b0ed40c9e1539a7cafcc99aa158315
Opcode Fuzzy Hash: 46124d19a1e16f1ccbb87ee82eec79c980975fdbc3c84853b879ddf047a9c317
Instruction Fuzzy Hash: 8EC0923D18F608E6E9ACB684AC1EF743E1AB70CB0AE100C02A20F3C0A82581A11241D6

Uniqueness

Uniqueness Score: -1.00%

Function 05580660 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e117b5377730b317db977531d8e18998b8a9ae7155934dcfe597fc4263aac7b3
Instruction ID: a5fc226784f688e77a69323add106958dae103e27693060417e8d08fd1e252b0
Opcode Fuzzy Hash: e117b5377730b317db977531d8e18998b8a9ae7155934dcfe597fc4263aac7b3
Instruction Fuzzy Hash: 6CC09B71045254CFC254BA73580D539771B7BD1315750CC36D511101B58A73B455A9A5

Uniqueness

Uniqueness Score: -1.00%

Function 05582EC0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.313311214.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5580000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af36171be5810b09d03272ca739e425d73781b236ad272097654096a8d88e9fe
Instruction ID: 6a9603e978f8ef382feecc4249d9b1e24af6a7bf6a8712a9613847414ee69ab6
Opcode Fuzzy Hash: af36171be5810b09d03272ca739e425d73781b236ad272097654096a8d88e9fe
Instruction Fuzzy Hash: F7B012302142080B275067B56888E32378C66404097400064990CC0100F510D0903244

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dhcpmon.exePID: 6860, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	22.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	57
Total number of Limit Nodes:	6

Executed Functions

Function 048D3850 Relevance: 2.0, Strings: 1, Instructions: 752
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_~q, xrefs: 048D3F9D

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: >_~q
API String ID: 0-3236834513
Opcode ID: 161e9b61efbdafd6ccb5d7202101439601d1647befd8e27b2e515482f219b9a0
Instruction ID: eebddd4b6ae61d5913ba66d08ebd448fded11a96b04259f34d142a1ff1a10078
Opcode Fuzzy Hash: 161e9b61efbdafd6ccb5d7202101439601d1647befd8e27b2e515482f219b9a0
Instruction Fuzzy Hash: 4952C471A05209DFCB15CF58C88496DFBB2FF85304B198AAAD809DF216D731ED45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 048D23A0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cdf866b1d850c9a5cfa3d6d46bfc076b42e8eaa60402f5e238277b3df51577a
Instruction ID: ea4e4429f3d11888f94b05ed2e2540d53dd1033dcff670d7708fb27d89ed29ad
Opcode Fuzzy Hash: 3cdf866b1d850c9a5cfa3d6d46bfc076b42e8eaa60402f5e238277b3df51577a
Instruction Fuzzy Hash: 5F12E030E06219CFC724DF29D98066DB7F2FF84305F64CAAAD415EB255EB34A986DB40

Uniqueness

Uniqueness Score: -1.00%

Function 048D2FA8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c88007c30b0ce954be35db0a365eb5cefd75e3d69b2c4aad33d60fcea8a455
Instruction ID: 890e8c80e28172cf7a06f27b7b9b86f1815b00d33fd76e18659802a2980878f0
Opcode Fuzzy Hash: f1c88007c30b0ce954be35db0a365eb5cefd75e3d69b2c4aad33d60fcea8a455
Instruction Fuzzy Hash: 1681B231F021169BC714EB69C840A6EB7F3AFC8314F298575E819EB355EE30ED028B91

Uniqueness

Uniqueness Score: -1.00%

Function 048D2D58 Relevance: 2.6, Strings: 2, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 048D2E76
>_~q, xrefs: 048D2DA5

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: $>_~q
API String ID: 0-1669717660
Opcode ID: 77521a670a0a005de0849f6afc6434a1dc5ffd8bbd3d7c0588d9e0809ab77a92
Instruction ID: 6e9805261f672e4cc93d0234c819fdff4e64404359de85f1944b19bd1192edbb
Opcode Fuzzy Hash: 77521a670a0a005de0849f6afc6434a1dc5ffd8bbd3d7c0588d9e0809ab77a92
Instruction Fuzzy Hash: 8E41D630F0A2598FCB10DF65C8405AEB7A2ABC0318B24CEBAD416DB742D635F8428792

Uniqueness

Uniqueness Score: -1.00%

Function 009CAA02 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 009CAAB1

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 839e250fa5de08e5a63945a68ecc22c62cee4a178c7110225f135380479cfcc0
Instruction ID: e4a3d025bd9c1adad6f7a2e5aaa304689da216ee8a47a442ef8cac976eaccc9c
Opcode Fuzzy Hash: 839e250fa5de08e5a63945a68ecc22c62cee4a178c7110225f135380479cfcc0
Instruction Fuzzy Hash: 6B31B4725443846FE722CB25CC45FA7BFACEF05310F0889AEED819B152D264A909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 009CAAF9 Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1904DDA0,00000000,00000000,00000000,00000000), ref: 009CABB4

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 18d83801c428eab33a8d2ef8f7c989ff6a60df4fa3bb9d417c9aa7ac245681cc
Instruction ID: 6f33defaf980383f2c8eefdc5db5890e90d3df5f77bbaad62a29ac5a4d2cd6d3
Opcode Fuzzy Hash: 18d83801c428eab33a8d2ef8f7c989ff6a60df4fa3bb9d417c9aa7ac245681cc
Instruction Fuzzy Hash: 5E3193715093846FE722CB25CC44FA6BFBCEF06314F18849EE985DB152D264E949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 049F00F6 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 049F019D

Memory Dump Source

Source File: 0000000B.00000002.314959486.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_49f0000_dhcpmon.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 5beaf7d1900df8c3db1003538e7195f8ed8c92910e64c079efae2f0032dd4419
Instruction ID: cda4249a107e6361c456ef545c21a47cff99b3f3aeaa93384a7f0cfc41c456da
Opcode Fuzzy Hash: 5beaf7d1900df8c3db1003538e7195f8ed8c92910e64c079efae2f0032dd4419
Instruction Fuzzy Hash: 5A3150715097806FE712CF25DC45F56BFE8EF06210F1984AAE9848B293D265A909C761

Uniqueness

Uniqueness Score: -1.00%

Function 009CAF50 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 009CAFEA

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: ConsoleCtrlHandler
String ID:
API String ID: 1513847179-0
Opcode ID: 9d84c4a105356d909cb927c05c8efef0cdb3503a9a5bd27c0abe280d85bb14f1
Instruction ID: 0cc391a12e0de827e58da103148ab2688c2ceb8b26b186945eb81e0317fda544
Opcode Fuzzy Hash: 9d84c4a105356d909cb927c05c8efef0cdb3503a9a5bd27c0abe280d85bb14f1
Instruction Fuzzy Hash: B221717140D3C06FD7138B258C51B61BFB8EF47610F0A81DBE884CB5A3D128A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 009CAA32 Relevance: 1.6, APIs: 1, Instructions: 74
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 009CAAB1

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 43be108d6d587126486adb103441f445065c65d38cd9bad767cfe832c6167f90
Instruction ID: 16afa563b7225f379d05e27c387410e7460bd5ea85495cd1a1c8d12f2993b132
Opcode Fuzzy Hash: 43be108d6d587126486adb103441f445065c65d38cd9bad767cfe832c6167f90
Instruction Fuzzy Hash: 0121A172500204AEF721DF55CD84F6BFBECEF04310F18895AED459B241D664E909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 049F012A Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 049F019D

Memory Dump Source

Source File: 0000000B.00000002.314959486.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_49f0000_dhcpmon.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 350f5ae5ac1ec83f2fde993c00d42b6dcf98d6d16971e4fb885f4a262e965c56
Instruction ID: 717dc83db0a7fc302bd023e57fde0e569d6b51ab6ff35fb8bf15ddfbc587c83e
Opcode Fuzzy Hash: 350f5ae5ac1ec83f2fde993c00d42b6dcf98d6d16971e4fb885f4a262e965c56
Instruction Fuzzy Hash: D5217F71600240AFE721DF25DC45F6AFBECEF04310F14846AE9458B242E675F504CB65

Uniqueness

Uniqueness Score: -1.00%

Function 009CAB3A Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,1904DDA0,00000000,00000000,00000000,00000000), ref: 009CABB4

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ccc295ef8d542c2e9ee290a041505c3bad232491a9db15b24035fc9d4b000faf
Instruction ID: 1e508460ec55bee8f3b5c31c17077039d621ff487cd84c9e7d07204a9e33bfed
Opcode Fuzzy Hash: ccc295ef8d542c2e9ee290a041505c3bad232491a9db15b24035fc9d4b000faf
Instruction Fuzzy Hash: C7218E71A00208AFE721CE25CC80F66FBECEF04714F1884AAE945DB251D264E908CA72

Uniqueness

Uniqueness Score: -1.00%

Function 009CB7CA Relevance: 1.6, APIs: 1, Instructions: 61
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 009CB841

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b423fdde9d800e8ff9d57d270c001892c6582bf51b47c608c51e32c8ed557a1f
Instruction ID: fe442e22dc86012f425175324c2d21a3badecb3fb75588468058fb5729c46c2f
Opcode Fuzzy Hash: b423fdde9d800e8ff9d57d270c001892c6582bf51b47c608c51e32c8ed557a1f
Instruction Fuzzy Hash: 7B218C724097C09FDB128B21DC51AA2BFB4EF17320F0D84DAEDC44F263D265A958DB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CA51F Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009CA58A

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 91da0f243c77f52ede33f02f105024df1fe6288f40fffd794e0ca03c83e49013
Instruction ID: 7871968171696e7c0051ce2eaa793adef60bf5214c0d96ff90fafc177e4f3428
Opcode Fuzzy Hash: 91da0f243c77f52ede33f02f105024df1fe6288f40fffd794e0ca03c83e49013
Instruction Fuzzy Hash: FA116071409384AFDB228F55DC44B66FFB8EF4A224F08C49EED858B162C275A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CBB4F Relevance: 1.6, APIs: 1, Instructions: 59
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 009CBBB9

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 486e6e535f18970c6c225aaeb30993cac1e20f8d699a39648be8f37c856a68ab
Instruction ID: 2515e47b283b2324d3819295e86d9f2c16f15bd0b9c8a41f01b0747b0efc1509
Opcode Fuzzy Hash: 486e6e535f18970c6c225aaeb30993cac1e20f8d699a39648be8f37c856a68ab
Instruction Fuzzy Hash: EA11B1355093C09FDB228F25CC45B52FFB4EF16220F0884DEED858B563D265A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CBE05 Relevance: 1.6, APIs: 1, Instructions: 58
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DispatchMessageW.USER32(?), ref: 009CBE70

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: ecb03be70e76a5c3ced9b9edb6f1fa2540dcef05942bef8090589d12e69ec874
Instruction ID: fbc7b1bb1dd2dc0642361212a1b9b9d9f9137eb09f51d887fd92e6f5e90e4046
Opcode Fuzzy Hash: ecb03be70e76a5c3ced9b9edb6f1fa2540dcef05942bef8090589d12e69ec874
Instruction Fuzzy Hash: 6B118E758093C0AFD7138B25DC44B62BFB4EF47624F0984DEED848F263D2696808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CB71E Relevance: 1.6, APIs: 1, Instructions: 57
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIconFromResourceEx.USER32 ref: 009CB78A

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: b47c649d97bdfdfc60d537a471af974d72ed6a318736a6d05773fec8202827a1
Instruction ID: f0ee0b8553789d4c0cb9c9dafd870483d7f1bf742615801b65de2166b9e0c518
Opcode Fuzzy Hash: b47c649d97bdfdfc60d537a471af974d72ed6a318736a6d05773fec8202827a1
Instruction Fuzzy Hash: 33115E314043809FDB228F55DC44B56FFB4EF49320F0989AEED858B562C375A458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 009CA75B Relevance: 1.6, APIs: 1, Instructions: 52
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleInitialize.OLE32(?), ref: 009CA7BC

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2fce76b4a852ac53d09bc0cae6806b3ab0c80074f679603bc662f48a224ebf5f
Instruction ID: 3b3145f015a46dcde90c7bd58e4739912fa1895245d6058a7bf02add163222dc
Opcode Fuzzy Hash: 2fce76b4a852ac53d09bc0cae6806b3ab0c80074f679603bc662f48a224ebf5f
Instruction Fuzzy Hash: 73118F718493849FD712CF15DC45B52BFB4EF42224F0984EBED458F253D279A848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CA8CC Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 009CA926

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 53b3274838b5ea205bc25774a8cc34d7b34921577a65f5a2854dbfaabee0252d
Instruction ID: 2367a2d211fee22d6cf1859617ec9ebb33509162e41a303731b1479b0ebf2468
Opcode Fuzzy Hash: 53b3274838b5ea205bc25774a8cc34d7b34921577a65f5a2854dbfaabee0252d
Instruction Fuzzy Hash: BE117C314097849FD722CF15DC85B52FFB4EF06320F09C49AED858B262C275A818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CA546 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009CA58A

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3e1ce20b7496451ec437670c4e394e9ef94a7ac3131a050e5d12aab22a6a6ebc
Instruction ID: 6985b447f0c5106adcc5db124a3f3f29832c9093874ee918b34a5035ef1745a1
Opcode Fuzzy Hash: 3e1ce20b7496451ec437670c4e394e9ef94a7ac3131a050e5d12aab22a6a6ebc
Instruction Fuzzy Hash: 6B016D318006449FDB21CF55DC44B6AFFE4EF08325F18C8AEED898B656C275A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 009CB746 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 009CB78A

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 984d41e47fa2169c34896096984ec844b31166d89c4b9b3aa2c07c3bf3f13067
Instruction ID: e30b7cb025ce0383aef326b7d37ffa960a8d4e18c788bb44b3c37fe3430e94af
Opcode Fuzzy Hash: 984d41e47fa2169c34896096984ec844b31166d89c4b9b3aa2c07c3bf3f13067
Instruction Fuzzy Hash: AE015B318006409FDB218F55DC45B66FBE4EF48320F18C8AEDE894BA26D376A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CAF9A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 009CAFEA

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: ConsoleCtrlHandler
String ID:
API String ID: 1513847179-0
Opcode ID: 0dcaa356720625061ba5031be03bd1a8baa638f09e33eb8dbcd82339214c0581
Instruction ID: 3094d213dcf863f0f64dace9c4ba9e043ace36ba303b4079fb17a47efb39829c
Opcode Fuzzy Hash: 0dcaa356720625061ba5031be03bd1a8baa638f09e33eb8dbcd82339214c0581
Instruction Fuzzy Hash: 1C016271500600ABD650DF1ADC86B36FBA8FB88B20F14C15AED085B741D675F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 009CBB7E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 009CBBB9

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 91f32e7f4e9509cdfd7b086aa4c501f51bf14f6703ab169dd72d047592e3408f
Instruction ID: 9adcfbc73b2eef79bd3e51bc9628d582263ff43a1f27faf681087bd58ca6b322
Opcode Fuzzy Hash: 91f32e7f4e9509cdfd7b086aa4c501f51bf14f6703ab169dd72d047592e3408f
Instruction Fuzzy Hash: 7001BC359002408FDB218F16DC85B66FBA4EF14321F18C4AEED868B666C375A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 009CA78A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 009CA7BC

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 977f4de4b6c6678dc2b70a4435b4829199b92767c9f385190acf2d70d4197eda
Instruction ID: dfed7752a12af472ba46dbe40e1a84e003f95548bd2b92f8a17b8ed5b32adc19
Opcode Fuzzy Hash: 977f4de4b6c6678dc2b70a4435b4829199b92767c9f385190acf2d70d4197eda
Instruction Fuzzy Hash: 7D01AD74C002448FDB20CF15EC88BA5FBE4EF04325F18C8AADD488F646D279A508CAA3

Uniqueness

Uniqueness Score: -1.00%

Function 009CB806 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 009CB841

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1e2d74672157c2baaff38a898ad6225c6c9706b2c9d12af288a40d41bc8d61bb
Instruction ID: 4b286473064ff646f385399801fdb1095c6a65f91440c8214fbb1b9ec4942fd7
Opcode Fuzzy Hash: 1e2d74672157c2baaff38a898ad6225c6c9706b2c9d12af288a40d41bc8d61bb
Instruction Fuzzy Hash: E1018B31800240DFDB21CF56DC85B65FFA8EF08721F18C49EDD894B226D375A518DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 009CA8EE Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 009CA926

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: f408f7748fdb87208b73fbf05f3809fc7b8bbbccfb09e2025c2ee7b6b3f85f33
Instruction ID: ddb9d3ba489735282493028268e3e506bf65c18d14a6f47361fa30920bc7e19e
Opcode Fuzzy Hash: f408f7748fdb87208b73fbf05f3809fc7b8bbbccfb09e2025c2ee7b6b3f85f33
Instruction Fuzzy Hash: D701AD318006448FDB20CF05DC86B61FFA4EF09325F18C4AADD864B256C275A808DB73

Uniqueness

Uniqueness Score: -1.00%

Function 009CBE3E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 009CBE70

Memory Dump Source

Source File: 0000000B.00000002.314496436.00000000009CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9ca000_dhcpmon.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: f07d1ececcb092bd73826e2701108289e72438e6393d8caa6c9e3b3d35c04191
Instruction ID: 23aabaa3777c43b8baf05f15168ab9184d6d00fe2eb8325519389bbdd4c0dd2e
Opcode Fuzzy Hash: f07d1ececcb092bd73826e2701108289e72438e6393d8caa6c9e3b3d35c04191
Instruction Fuzzy Hash: 6DF0AF35D042448FDB20CF05DC85BA5FFA4EF04721F58C4AADE494B356D3B9A508CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 048D02E8 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

:@yq, xrefs: 048D0537

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: :@yq
API String ID: 0-397920524
Opcode ID: d401b2da2ea72cdaa079c31e691740f626405070d29aa60816651ca58765a011
Instruction ID: d496e63c77b7b611e27b0217024ac2e9733a6df387626b1764606be49b7c1f12
Opcode Fuzzy Hash: d401b2da2ea72cdaa079c31e691740f626405070d29aa60816651ca58765a011
Instruction Fuzzy Hash: 17618230B052058FDB19DF68D45066D7BF2FF8A318F15856ED506EB362DA35AC01CB52

Uniqueness

Uniqueness Score: -1.00%

Function 048D21F8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 048D230F

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 3f5de8171c2e89c44a60e973764006cef4dcbe10d070d6265f8faf4df6560f65
Instruction ID: 0845b755c549965710f3c914eef9fc15677ecd25518f722fb05dedea8c29b0b1
Opcode Fuzzy Hash: 3f5de8171c2e89c44a60e973764006cef4dcbe10d070d6265f8faf4df6560f65
Instruction Fuzzy Hash: FB413C30E0A209CFCB48DFA5C4456AEFBB1FF44304F1089AAD412E7264E735AA45DF52

Uniqueness

Uniqueness Score: -1.00%

Function 048D4180 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

W, xrefs: 048D4135

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: b1377e42f40592121759eec298baf69550a8f98fe1ce7d593382647186ea99ea
Instruction ID: 72c3f66d9c47ee30e98f030a7cb6a0c3f98c395f3f60bb9d1b292fc76e150369
Opcode Fuzzy Hash: b1377e42f40592121759eec298baf69550a8f98fe1ce7d593382647186ea99ea
Instruction Fuzzy Hash: A3118C3071F2B4EFCF111734A8004AB7BB58E9EA487014ABBC44AC7202FB70A40AC752

Uniqueness

Uniqueness Score: -1.00%

Function 048D12A0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46f314656819930bf30cbd240f0e2bdc87957020be021abc23bbaa9462caa440
Instruction ID: 055a7e655481ab0afa6098bce6543ea64094ee17439dc9c676360e63f449f633
Opcode Fuzzy Hash: 46f314656819930bf30cbd240f0e2bdc87957020be021abc23bbaa9462caa440
Instruction Fuzzy Hash: 1B22E234A01605CFCB24DF25D484A6AB7F2FF88304B60CA99D85A9B756DB34BD86CF41

Uniqueness

Uniqueness Score: -1.00%

Function 048D09A0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9185339f17e7b5c7a54f4699b40c7db22a3813180dd355a4e9820d0f1dcdeecc
Instruction ID: 38f661a4ce211a1deaa3e2856d5a74bda8f993c7ae7f1616a61530610e2572ec
Opcode Fuzzy Hash: 9185339f17e7b5c7a54f4699b40c7db22a3813180dd355a4e9820d0f1dcdeecc
Instruction Fuzzy Hash: FD51D631B49249DFCB149B64D854A6EB7F2FF8530CF208A69E546DB351DB30AC02DB91

Uniqueness

Uniqueness Score: -1.00%

Function 048D2BF8 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d079bfc568d30232ac511ee9728315c73559c6c0f46981f891f3ec5b709f74f2
Instruction ID: 1b39469ec2663b7a46ddd6fe5a24bfaf615053dedc584b6f5a75f718245f2deb
Opcode Fuzzy Hash: d079bfc568d30232ac511ee9728315c73559c6c0f46981f891f3ec5b709f74f2
Instruction Fuzzy Hash: A441F83430F399CFC326573498949797FB0AF42314B198AEBD096CF6A3D664AC05D752

Uniqueness

Uniqueness Score: -1.00%

Function 048D0BC0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883f49f87431f51d0e57091c2e954b3318b3f00b8143037c762beadf5783b17c
Instruction ID: 1049b14e80135e03637be1aa839c2e3e3eb1e0e079ccd45421f21636b158691a
Opcode Fuzzy Hash: 883f49f87431f51d0e57091c2e954b3318b3f00b8143037c762beadf5783b17c
Instruction Fuzzy Hash: 4D411E31B06108CFC7158B28C414AAE77E6AFC6314F15856AE80BDF351DE71AC0BC792

Uniqueness

Uniqueness Score: -1.00%

Function 048D1458 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e4555a2422999ecf07e59233d7162c9a6ef1f09f221d18361448e720a83258
Instruction ID: e296985921feba78444404552246cef163b0dcb8d6192518020059de8a74e907
Opcode Fuzzy Hash: a7e4555a2422999ecf07e59233d7162c9a6ef1f09f221d18361448e720a83258
Instruction Fuzzy Hash: E9511934A01218CFDB14DF65C894B9DB7B2BF49304F6085E9D40AAB366DB34AD86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 048D0683 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eee428cc3055b6c78a8f73c727e285cfb0155ec366ca18f930fd405c6529da7
Instruction ID: d1aa04f61eb490ebecba6adf544b3c4632ccb92054bd2ef6a5d81bdbf5b16297
Opcode Fuzzy Hash: 2eee428cc3055b6c78a8f73c727e285cfb0155ec366ca18f930fd405c6529da7
Instruction Fuzzy Hash: 7B41963069E2458BD3157BB4EC0C66DB762BF81709714856BF503CB275EF305C82AB92

Uniqueness

Uniqueness Score: -1.00%

Function 048D02DA Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc02bb0325d2a4d4282778c66409534b1fec0b53a563d48112fda934b1acc1c2
Instruction ID: 613d64bb71e50dc3499a9db940580b507664a27a79b0bbda21356088be1ea8b5
Opcode Fuzzy Hash: bc02bb0325d2a4d4282778c66409534b1fec0b53a563d48112fda934b1acc1c2
Instruction Fuzzy Hash: DE414E70B022058FDB18CB68C554BAE7BF2EF8A318F14896DD406EB7A1DA71AC418B51

Uniqueness

Uniqueness Score: -1.00%

Function 048D20D0 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9667ee022a447db9bcfa4789ab5722cb7f52113b51f3ff97cd2fad271947f5
Instruction ID: fbe405065c0ea61a69715e69296dca0751633ec35d91e6f4d7e4101adbd159f8
Opcode Fuzzy Hash: 9e9667ee022a447db9bcfa4789ab5722cb7f52113b51f3ff97cd2fad271947f5
Instruction Fuzzy Hash: 79313E30B0A249DFCB15DFA8D88057E7BB1BB89304B11CAEAD545DB255E770BC42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 048D1293 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f86d964064c9c9ac5f463cd7f574e552c2daf3c7f7fe30a6a99ed23b1e4c0a
Instruction ID: 4cbafd67b324d1a70c0f025dbccdb0499c4248e6dc7d9806a20f705c49759e8f
Opcode Fuzzy Hash: 76f86d964064c9c9ac5f463cd7f574e552c2daf3c7f7fe30a6a99ed23b1e4c0a
Instruction Fuzzy Hash: BD411634A05219CFCB24DF69C884B9DBBB2BF49308F1085A9D44AAB355DB34AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 048D21E8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 952248224b13fd061de304cefea4a5b523a986d6f10d99a649ec5a76f24932ac
Instruction ID: 5592d9f1d8731eeb9969729016e6bad9e0eb0be91383d2144ddbfac97dbd14c6
Opcode Fuzzy Hash: 952248224b13fd061de304cefea4a5b523a986d6f10d99a649ec5a76f24932ac
Instruction Fuzzy Hash: 9E316F30E0A209DFCB54DFB4C5456BEFBB1BF45304F104AEAE402E72A1E631AA45DB52

Uniqueness

Uniqueness Score: -1.00%

Function 048D25DE Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c1bbe106af6e364fcfe58fd931d9218d76163def73e97f68e869428e3c96c8b
Instruction ID: f589dff8faad3eff8453a0242736e9f4082239b3d814d3f92514f3464c0c7d5a
Opcode Fuzzy Hash: 2c1bbe106af6e364fcfe58fd931d9218d76163def73e97f68e869428e3c96c8b
Instruction Fuzzy Hash: F8318E30E16349CBDB60DF65D844659BBF1BF84304F24C66AC014AB269DB74A98ADF42

Uniqueness

Uniqueness Score: -1.00%

Function 048D4190 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcce6bc63ee4a02d5583e0d74d9384a8f40b557d3a20f9c965baa70d26fac40f
Instruction ID: ad56d1cc9a4b6ad3483dcb0293e4da2f4459a8a40ea0973b602b7c8ec845ee7d
Opcode Fuzzy Hash: dcce6bc63ee4a02d5583e0d74d9384a8f40b557d3a20f9c965baa70d26fac40f
Instruction Fuzzy Hash: AE115C31B062198BDB14EBB5D8445BFB7B6AFC4704F104A3F9407D7241EE70A8419762

Uniqueness

Uniqueness Score: -1.00%

Function 048D0908 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3b3b3ce23416e7a27a1bfb99650c0054c63fbd8e876e529dcfef973f0adfba8
Instruction ID: 25c2e2973e5f237d328b594387ca9d3f9bb4db91aa6a74a71a7dbbf8bf4f2d53
Opcode Fuzzy Hash: d3b3b3ce23416e7a27a1bfb99650c0054c63fbd8e876e529dcfef973f0adfba8
Instruction Fuzzy Hash: DC117D31B5F3486FD3124AB5584096F7FA44B83214F054B6BC906DB355D9A45C43E391

Uniqueness

Uniqueness Score: -1.00%

Function 02430845 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314668657.0000000002430000.00000040.00000020.00020000.00000000.sdmp, Offset: 02430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2430000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2e1d53388ad1278135ef2217c4851094a244e5dd69faad1206feca0e0732086
Instruction ID: e269da1e4ba968df2294042a340ba55f5b2e616eb55325d1081dfc9961c07ce5
Opcode Fuzzy Hash: e2e1d53388ad1278135ef2217c4851094a244e5dd69faad1206feca0e0732086
Instruction Fuzzy Hash: B921793510D3C08FD7038B20C850B55BFB1AF4B614F2986DBD8858B6A3C33A981ADB62

Uniqueness

Uniqueness Score: -1.00%

Function 0243087C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314668657.0000000002430000.00000040.00000020.00020000.00000000.sdmp, Offset: 02430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2430000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606c1bbec7cc7d7f67299b0b2a7a835307761707f4ffca889ba83ebdffddd914
Instruction ID: fa512da76536aa2e9f0675d06ccd4a7b7432e3ef9b64926be5da40c0ba844c00
Opcode Fuzzy Hash: 606c1bbec7cc7d7f67299b0b2a7a835307761707f4ffca889ba83ebdffddd914
Instruction Fuzzy Hash: 5D11B434204284DFD316CB14D944B27BB95AF8C708F28DA9EE9494B752C77BD853CA91

Uniqueness

Uniqueness Score: -1.00%

Function 048D2390 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f74f05a6391e272bcb76b4d35353ee22f611e6b06efceb91d48c0c1db6df9b6
Instruction ID: 97f8dd0c1174f0ffdc01c9f6c1dd8d0c90e83487921df1566b29f13536017367
Opcode Fuzzy Hash: 7f74f05a6391e272bcb76b4d35353ee22f611e6b06efceb91d48c0c1db6df9b6
Instruction Fuzzy Hash: 82116D30E0A299CEC7249F698940AAEBFB1AF44304F104AAEC546E7791EA741942DB61

Uniqueness

Uniqueness Score: -1.00%

Function 048D11DF Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3695fbe545c0865a59fd2e15fd8412e34c187b2fba1f026c42686802f1d5bb25
Instruction ID: 3593fb1a92cf820990a1f8b8908c064e02d95096b110ecc30045dd917157198d
Opcode Fuzzy Hash: 3695fbe545c0865a59fd2e15fd8412e34c187b2fba1f026c42686802f1d5bb25
Instruction Fuzzy Hash: 2B11C43030A284CFC716DB28D0589697FF6BFC660571546EBE046CB677DB26AC0ADB42

Uniqueness

Uniqueness Score: -1.00%

Function 048D05BB Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23490feb0422e1f90186e54a8c034767de7494312f5ea2411a2acde96a854d85
Instruction ID: 575ece725a28d7cd05f503a6670bbff287a4d035fd7ff9c9c57cf86c024e2d0e
Opcode Fuzzy Hash: 23490feb0422e1f90186e54a8c034767de7494312f5ea2411a2acde96a854d85
Instruction Fuzzy Hash: E20128607082200FC709B73D64126BF1B8B9BC5708724842FE40ADB3C6DD649C0343E7

Uniqueness

Uniqueness Score: -1.00%

Function 024305CF Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314668657.0000000002430000.00000040.00000020.00020000.00000000.sdmp, Offset: 02430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2430000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5bee3e6473589f79eb12cb357302c6aaf42af148cb7a4c03c19d4f48d278c35
Instruction ID: fbeaa10c1e98c70683431f9a7a13937c1e2895ed7690a38de3210954b17b1dd2
Opcode Fuzzy Hash: f5bee3e6473589f79eb12cb357302c6aaf42af148cb7a4c03c19d4f48d278c35
Instruction Fuzzy Hash: 0201A77550D3805FD7128B16DC40862FFF8DE86620759C4DFEC498B613C125B909CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 048D05C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e9600e185b486bb7bf2e245345c18e6a48dfd77a687266897e93742eba5989
Instruction ID: 6c661045c53d727f7c764e6b27619f86062b1652b0111ad1fa740d81ad8219ea
Opcode Fuzzy Hash: c0e9600e185b486bb7bf2e245345c18e6a48dfd77a687266897e93742eba5989
Instruction Fuzzy Hash: AFF090207042250BC608BA7D6416A7F5A8FABC5A48B64842FF50ADB3C5DD65AC0353E7

Uniqueness

Uniqueness Score: -1.00%

Function 048D1209 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f3811dd28060dc8d489676247f1e78d910a245f82547f45c4b406585b11634
Instruction ID: a253326450f942018d500d058deb53d2058717f56df48db9a2e8820aaaf727a7
Opcode Fuzzy Hash: 91f3811dd28060dc8d489676247f1e78d910a245f82547f45c4b406585b11634
Instruction Fuzzy Hash: 53018F3030A244CFC705EB28D05896A7BE6BFC6605B2545EFE006CB676DF769C09DB42

Uniqueness

Uniqueness Score: -1.00%

Function 048D1218 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1beaa39900e068b4d20131168eac4ffc2d2e0fe4626e33a3d38b7219f6e09378
Instruction ID: 2bda7d450d91e0a8b3c820b86e36786c9e747a2374a5f432f76d1040c252768d
Opcode Fuzzy Hash: 1beaa39900e068b4d20131168eac4ffc2d2e0fe4626e33a3d38b7219f6e09378
Instruction Fuzzy Hash: 06018130305114CBC604EB28D05C96DB7EABFC5715B2045AAE006CB775DF76AC099782

Uniqueness

Uniqueness Score: -1.00%

Function 048D0918 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5f4500e3c03b4724e7e46154cb2974fc221b4c3baa118e2c88534dbca97c771
Instruction ID: a2814b63be42ae088465fbf024e628c566dc4c47c65177d7f1fbbbfee6ef0dcf
Opcode Fuzzy Hash: a5f4500e3c03b4724e7e46154cb2974fc221b4c3baa118e2c88534dbca97c771
Instruction Fuzzy Hash: 13E0EC31F2721CA7971059F598005AFB799978726CF004E279F0BD7204FA70A8566292

Uniqueness

Uniqueness Score: -1.00%

Function 02430938 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314668657.0000000002430000.00000040.00000020.00020000.00000000.sdmp, Offset: 02430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2430000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction ID: 7b8b8f02a9aabfc7b7fcf7aef3253c72b1968221752d1756dcc193608eefcd36
Opcode Fuzzy Hash: 41ade30b2b0897db333706246b4c2789baa80c88b78e94e67c3b88c913837d79
Instruction Fuzzy Hash: E3F01D35104644DFC306CF00D540B16FBA2EB89718F24C6ADE9490B752C337E813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 024305F6 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314668657.0000000002430000.00000040.00000020.00020000.00000000.sdmp, Offset: 02430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2430000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c39ecdf7b8843cf3dfe09a6fa88e063c96e3495515c817a7c8e107a7f13fda
Instruction ID: 02f4afc71529370cfb0a76dbfe9cc55bec5f665b21da3b10fdb1587252339732
Opcode Fuzzy Hash: 21c39ecdf7b8843cf3dfe09a6fa88e063c96e3495515c817a7c8e107a7f13fda
Instruction Fuzzy Hash: C1E092766046004BD650DF0BEC41466F7D8EB84630758C47FDC0D8B700D535B505CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 048D0650 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a0c104a17bb8863ba48993898c0afe2c8bb596ddde7d6eac5a77d9c8e77b7b5
Instruction ID: 2a1527a3979132f3cb1d8e89fb60267607f3ec294a383a7bddce9e72b0056f7f
Opcode Fuzzy Hash: 4a0c104a17bb8863ba48993898c0afe2c8bb596ddde7d6eac5a77d9c8e77b7b5
Instruction Fuzzy Hash: FED05EB158F3848ED71157B02C664E97F2099A321DF2489AFD44291853E5262183AA12

Uniqueness

Uniqueness Score: -1.00%

Function 048D016F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbfe00ff6c658dfeda94b0cb232bd01478b7d4962ab3a8779c880ad68cdc801
Instruction ID: 9824d45a378704b9613c5074f8af2b7cfa18341dfcba826597eea86dd2559dbd
Opcode Fuzzy Hash: 0dbfe00ff6c658dfeda94b0cb232bd01478b7d4962ab3a8779c880ad68cdc801
Instruction Fuzzy Hash: F5E0C23524A3008FCB051B70E81946C3B609F821213504BBFD423C7BE0DA3AC482DA05

Uniqueness

Uniqueness Score: -1.00%

Function 048D02A3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23db067d13f75a0592cab8f3de797547431fa0a46ac88ab37429dc65d2f19e4a
Instruction ID: 522b26f5872a74820873c40324629af4c12b9ef1789dc7e1608407bdab2b880d
Opcode Fuzzy Hash: 23db067d13f75a0592cab8f3de797547431fa0a46ac88ab37429dc65d2f19e4a
Instruction Fuzzy Hash: 99D0172924F7848FC3629B24A9A18957BE2AA46204705898ED0C687AA6D720BD068B02

Uniqueness

Uniqueness Score: -1.00%

Function 048D2D20 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43bd18bcb20e83aee78471dabafc1aef4b1dd254354f93fc4ff00c9791ce949e
Instruction ID: 8ef17eecd3253cc0de82bba75a7f179541e5f211abeec8b60b982cb70ceeae5c
Opcode Fuzzy Hash: 43bd18bcb20e83aee78471dabafc1aef4b1dd254354f93fc4ff00c9791ce949e
Instruction Fuzzy Hash: 2AD05E3428F3CCADE39203655C25F693F604B5A604F194ADB914BDA1E7E0406005A212

Uniqueness

Uniqueness Score: -1.00%

Function 009C23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314471457.00000000009C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9c2000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f78164a13a3bb05b26931332b644155ed995711d7d9038b000a1eaa70cc88a
Instruction ID: f1a3cd92d7ae837efe217b90030992a164e8ff4332c78f1eef5b8b52e223fe1b
Opcode Fuzzy Hash: e7f78164a13a3bb05b26931332b644155ed995711d7d9038b000a1eaa70cc88a
Instruction Fuzzy Hash: 6FD05E79609A814FD32A8B1CC1A8F993BA8AF51B04F4644FDE8008B673C369D981D201

Uniqueness

Uniqueness Score: -1.00%

Function 009C23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314471457.00000000009C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9c2000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec479d7595b5f0e3bb7677de9ba57ef79839ac3108f7ae881c03acb292a128a1
Instruction ID: 3b86a6b1ff2ff47f15c00a2158c1e441255b0404cbbf9c8a6083a20e859498ba
Opcode Fuzzy Hash: ec479d7595b5f0e3bb7677de9ba57ef79839ac3108f7ae881c03acb292a128a1
Instruction Fuzzy Hash: 30D05E347102814BD725DB0CC194F5937D8AB41B00F0644ECAC008B262C7A9DC81C600

Uniqueness

Uniqueness Score: -1.00%

Function 048D0180 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e90438d5aefee552f8a6befb67633d1c99b0efc1a84bfac7c562dd0408649ae
Instruction ID: 3f429bcb8ccb130af84ac440ee822981233e8ba454a1cf79ef9b4e97b06eb487
Opcode Fuzzy Hash: 5e90438d5aefee552f8a6befb67633d1c99b0efc1a84bfac7c562dd0408649ae
Instruction Fuzzy Hash: 2AD01234255304CFCB082B70E41D41C37A5AF85206390097EE80687750DF36E8C1DA00

Uniqueness

Uniqueness Score: -1.00%

Function 048D0660 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb436cef5bb544a2663159adf3fd81176f550c3bd8dfa2239fbb0530f25c3040
Instruction ID: 623e114c42bb708f5938eea1f2c959aaeac214b5a89a2290d953e74b3520f708
Opcode Fuzzy Hash: eb436cef5bb544a2663159adf3fd81176f550c3bd8dfa2239fbb0530f25c3040
Instruction Fuzzy Hash: 1BC02BB018F30CCEC2041BB03C09439B70896C230DF40CD37940250021B9337491B811

Uniqueness

Uniqueness Score: -1.00%

Function 048D2EC0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.314940671.00000000048D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_48d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b964d67042a272f8c36d97b1e70b30ae2c4f28374cadde3b51a76bda481d4a6d
Instruction ID: ef9c95ec8b150754d29ca66028ce079862bdb877c070e327491faf0f923c7b84
Opcode Fuzzy Hash: b964d67042a272f8c36d97b1e70b30ae2c4f28374cadde3b51a76bda481d4a6d
Instruction Fuzzy Hash: DFB0123025D2091B17406BB12C08A12338C478040534005A1980CC0001F510E0D03140

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

AV Detection

E-Banking Fraud

Stealing of Sensitive Information

Remote Access Functionality

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log

C:\Users\user\AppData\Local\Temp\tmp187C.tmp

C:\Users\user\AppData\Local\Temp\tmp21A4.tmp

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat

Static File Info

Windows Analysis Report
8FA3B2EB7650AC7FF7DBBEED506E3F17B805D64D69327.exe

Function 014D3850 Relevance: 2.0, Strings: 1, Instructions: 761
COMMON

Function 05592D6C Relevance: 1.6, APIs: 1, Instructions: 90
networkCOMMON

Function 014D2D58 Relevance: 2.6, Strings: 2, Instructions: 134
COMMON

Function 0559343D Relevance: 1.7, APIs: 1, Instructions: 164
windowCOMMON